![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / lib / libssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.84, Sat Oct 3 18:01:55 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: HEAD
Changes since 1.83: +1 -1 lines
FILE REMOVED
Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c
The d1_{clnt,srvr}.c contain a single function each - merge these into the
ssl_{clnt,srvr}.c, renaming them with an ssl3_ prefix for consistency.
ok beck@ tb@
Revision 1.83 / (download) - annotate - [select for diffs], Thu Jan 23 10:48:37 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.82: +2 -3 lines
Diff to previous 1.82 (colored)
Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL. ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@
Revision 1.82 / (download) - annotate - [select for diffs], Mon Nov 5 05:45:15 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.81: +1 -44 lines
Diff to previous 1.81 (colored)
Consolidate all of the SSL method structs/functions into a single file. Discussed with tb@
Revision 1.81 / (download) - annotate - [select for diffs], Thu Aug 30 16:56:16 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.80: +1 -3 lines
Diff to previous 1.80 (colored)
Nuke ssl_pending/ssl_shutdown function pointers. ssl3_pending() is used for all protocols and dtls1_shutdown() just calls ssl3_shutdown(), so just call the appropriate function directly instead. ok beck@ inoguchi@ tb@
Revision 1.80 / (download) - annotate - [select for diffs], Sat Apr 7 17:02:34 2018 UTC (6 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.79: +1 -4 lines
Diff to previous 1.79 (colored)
Remove function pointers for ssl_{read,write,peek}.
Now that everything goes through the same code path, we can remove a layer
of indirection and just call ssl3_{read,write,peek} directly.
ok beck@ inoguchi@
Revision 1.79 / (download) - annotate - [select for diffs], Tue Oct 10 15:13:26 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.78: +2 -434 lines
Diff to previous 1.78 (colored)
Merge dtls1_connect() into ssl3_connect(), removing a large amount of duplicated code. For now this is essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@
Revision 1.78 / (download) - annotate - [select for diffs], Sun Oct 8 16:54:28 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.77: +38 -32 lines
Diff to previous 1.77 (colored)
Reduce non-functional differences between dtls1_connect() and ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
Revision 1.77 / (download) - annotate - [select for diffs], Sun Oct 8 16:24:02 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)
Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS, which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
Revision 1.76 / (download) - annotate - [select for diffs], Sun May 7 04:22:24 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.75: +36 -36 lines
Diff to previous 1.75 (colored)
Move state from ssl->internal to the handshake structure. while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
Revision 1.75 / (download) - annotate - [select for diffs], Sat May 6 22:24:57 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.74: +12 -12 lines
Diff to previous 1.74 (colored)
Bring in an SSL_HANDSHAKE structure and commence the great shovelling ok jsing@, gcc@, regress@
Revision 1.74 / (download) - annotate - [select for diffs], Tue Feb 7 02:08:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.73: +4 -4 lines
Diff to previous 1.73 (colored)
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Revision 1.73 / (download) - annotate - [select for diffs], Thu Jan 26 12:16:13 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.72: +2 -3 lines
Diff to previous 1.72 (colored)
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
Revision 1.72 / (download) - annotate - [select for diffs], Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.71: +4 -4 lines
Diff to previous 1.71 (colored)
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
Revision 1.71 / (download) - annotate - [select for diffs], Thu Jan 26 06:32:58 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.70: +5 -5 lines
Diff to previous 1.70 (colored)
Remove most of SSL3_ENC_METHOD - we can just inline the function calls and defines since they are the same everywhere. ok beck@
Revision 1.70 / (download) - annotate - [select for diffs], Thu Jan 26 05:31:25 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.69: +2 -3 lines
Diff to previous 1.69 (colored)
Merge the client/server version negotiation into the existing (currently fixed version) client/server code. ok beck@
Revision 1.69 / (download) - annotate - [select for diffs], Mon Jan 23 13:36:13 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.68: +18 -14 lines
Diff to previous 1.68 (colored)
Split most of SSL_METHOD out into an internal variant, which is opaque. Discussed with beck@
Revision 1.68 / (download) - annotate - [select for diffs], Mon Jan 23 10:22:06 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.67: +1 -5 lines
Diff to previous 1.67 (colored)
Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrl from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
Revision 1.67 / (download) - annotate - [select for diffs], Mon Jan 23 08:48:44 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.66: +36 -36 lines
Diff to previous 1.66 (colored)
send state and rstate from ssl_st into internal. There are accessors so these should not be diddled with directly ok jsing@
Revision 1.66 / (download) - annotate - [select for diffs], Mon Jan 23 06:45:30 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.65: +41 -41 lines
Diff to previous 1.65 (colored)
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
Revision 1.65 / (download) - annotate - [select for diffs], Mon Jan 23 04:55:26 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.64: +6 -6 lines
Diff to previous 1.64 (colored)
move the callbacks from ssl_st to internal ok jsing@
Revision 1.64 / (download) - annotate - [select for diffs], Mon Jan 23 04:15:28 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.63: +3 -3 lines
Diff to previous 1.63 (colored)
Move callback function pointers and argument pointers from SSL_CTX to internal. ok beck@
Revision 1.63 / (download) - annotate - [select for diffs], Mon Jan 23 00:12:54 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.62: +5 -5 lines
Diff to previous 1.62 (colored)
Move the stats struct from SSL_CTX to internal. ok beck@
Revision 1.62 / (download) - annotate - [select for diffs], Sun Jan 22 09:02:07 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.61: +20 -20 lines
Diff to previous 1.61 (colored)
Move most of the SSL3_STATE fields to internal - the ones that remain are known to be used by ports. ok beck@
Revision 1.61 / (download) - annotate - [select for diffs], Sun Jan 22 07:16:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.60: +13 -13 lines
Diff to previous 1.60 (colored)
Move most of DTLS1_STATE to internal. ok jsing@
Revision 1.60 / (download) - annotate - [select for diffs], Sat Jan 21 06:50:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.59: +3 -1 lines
Diff to previous 1.59 (colored)
Specify minimum and maximum protocol version for each method. This is currently unused, but will be in the near future. ok beck@
Revision 1.59 / (download) - annotate - [select for diffs], Tue Dec 6 13:38:11 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.58: +2 -67 lines
Diff to previous 1.58 (colored)
Now that ssl3_send_{client,server}_certificate() are using the common
handshake functions, we can remove more copied code from DTLS.
Revision 1.58 / (download) - annotate - [select for diffs], Fri Nov 4 19:11:43 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)
Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), since that's what it really is. ok miod@
Revision 1.57 / (download) - annotate - [select for diffs], Fri Nov 4 18:30:21 2016 UTC (7 years, 7 months ago) by guenther
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
The *_method_data structures can be static ok jsing@
Revision 1.56 / (download) - annotate - [select for diffs], Fri Mar 11 07:08:45 2016 UTC (8 years, 3 months ago) by mmcc
Branch: MAIN
Changes since 1.55: +2 -3 lines
Diff to previous 1.55 (colored)
X509_free(3) is NULL-safe, so remove NULL checks before its calls. ok doug@
Revision 1.55 / (download) - annotate - [select for diffs], Sat Sep 12 16:10:07 2015 UTC (8 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.54: +3 -11 lines
Diff to previous 1.54 (colored)
Remove most of the SSLv3 version checks and a few TLS v1.0. We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
Revision 1.54 / (download) - annotate - [select for diffs], Sat Sep 12 12:58:15 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.53: +2 -72 lines
Diff to previous 1.53 (colored)
Uncopy and unpaste dtls1_send_client_verify() - the ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
Revision 1.53 / (download) - annotate - [select for diffs], Sat Sep 12 12:26:56 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.52: +4 -267 lines
Diff to previous 1.52 (colored)
Uncopy and unpaste dtls1_send_client_key_exchange() - the ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@
Revision 1.52 / (download) - annotate - [select for diffs], Fri Sep 11 18:08:21 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.51: +3 -3 lines
Diff to previous 1.51 (colored)
Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a ssl3_ prefix. ok beck@
Revision 1.51 / (download) - annotate - [select for diffs], Fri Sep 11 16:28:37 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)
Replace dtls1_send_finished() with ssl3_send_finished() - they're now both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
Revision 1.50 / (download) - annotate - [select for diffs], Thu Sep 10 17:57:50 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.49: +3 -4 lines
Diff to previous 1.49 (colored)
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
Revision 1.49 / (download) - annotate - [select for diffs], Thu Sep 10 15:56:26 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)
Correct spelling of OPENSSL_cleanse. ok miod@
Revision 1.48 / (download) - annotate - [select for diffs], Wed Sep 2 17:59:15 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.47: +6 -99 lines
Diff to previous 1.47 (colored)
Replace dtls1_client_hello() with ssl3_client_hello() - both are basically the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
Revision 1.47 / (download) - annotate - [select for diffs], Wed Jul 15 18:35:34 2015 UTC (8 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.46: +38 -92 lines
Diff to previous 1.46 (colored)
Flense out dead code, we don't do ecdhe_clnt_cert. coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
Revision 1.46 / (download) - annotate - [select for diffs], Tue Jul 14 05:26:32 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.45: +23 -17 lines
Diff to previous 1.45 (colored)
Convert dtls1_get_hello_verify to CBS. ok miod@ jsing@
Revision 1.45 / (download) - annotate - [select for diffs], Sat Jun 13 08:38:10 2015 UTC (9 years ago) by doug
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)
Fix bad indenting in LibreSSL. jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
Revision 1.44 / (download) - annotate - [select for diffs], Fri Mar 27 12:29:54 2015 UTC (9 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.43: +6 -20 lines
Diff to previous 1.43 (colored)
Factor out the init_buf initialisation code, rather than duplicating it in four different places. ok doug@ guenther@
Revision 1.33.2.1 / (download) - annotate - [select for diffs], Wed Mar 11 19:52:37 2015 UTC (9 years, 3 months ago) by tedu
Changes since 1.33: +10 -14 lines
Diff to previous 1.33 (colored) next main 1.34 (colored)
backport fixes to prevent connections from being downgraded to weak keys. ok bluhm miod
Revision 1.43 / (download) - annotate - [select for diffs], Mon Feb 9 10:53:28 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.42: +1 -145 lines
Diff to previous 1.42 (colored)
Jettison DTLS over SCTP. OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
Revision 1.42 / (download) - annotate - [select for diffs], Fri Feb 6 08:30:23 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.41: +3 -1 lines
Diff to previous 1.41 (colored)
Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char. This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
Revision 1.41 / (download) - annotate - [select for diffs], Sun Dec 14 16:19:38 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.40: +19 -52 lines
Diff to previous 1.40 (colored)
Convert all of the straight forward client handshake handling code to use the new handshake functions. ok miod@
Revision 1.40 / (download) - annotate - [select for diffs], Wed Dec 10 15:43:31 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.39: +5 -2 lines
Diff to previous 1.39 (colored)
ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
Revision 1.39 / (download) - annotate - [select for diffs], Sat Dec 6 14:24:26 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.38: +10 -14 lines
Diff to previous 1.38 (colored)
Remove client handling of RSA in ServerKeyExchange messages, along with the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
Revision 1.38 / (download) - annotate - [select for diffs], Thu Nov 27 16:03:03 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.37: +9 -1 lines
Diff to previous 1.37 (colored)
Avoid a NULL dereference in the DTLS client that can be triggered by a crafted server response used in conjunction with an anonymous DH or anonymous ECDH ciphersuite. Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in copied code. Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
Revision 1.37 / (download) - annotate - [select for diffs], Sun Nov 16 14:12:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.36: +6 -4 lines
Diff to previous 1.36 (colored)
Sort and group includes.
Revision 1.36 / (download) - annotate - [select for diffs], Sat Oct 18 16:13:16 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.35: +3 -5 lines
Diff to previous 1.35 (colored)
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
Revision 1.35 / (download) - annotate - [select for diffs], Sun Sep 7 12:16:23 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)
Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them, nor do we plan on supporting them. ok guenther@
Revision 1.34 / (download) - annotate - [select for diffs], Sun Aug 10 14:42:55 2014 UTC (9 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.33: +2 -4 lines
Diff to previous 1.33 (colored)
Since we no longer need to support SSLv2-style cipher lists, start
unravelling the maze of function pointers and callbacks by directly
calling ssl3_{get,put}_cipher_by_char() and removing the
ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
Revision 1.5.4.1 / (download) - annotate - [select for diffs], Sat Aug 9 16:55:55 2014 UTC (9 years, 10 months ago) by tedu
Changes since 1.5: +28 -3 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)
backport relevant security fixes from openssl 1.0.1i tested by bcook jsg
Revision 1.5.8.1 / (download) - annotate - [select for diffs], Sat Aug 9 16:54:57 2014 UTC (9 years, 10 months ago) by tedu
Changes since 1.5: +28 -3 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)
backport relevant security fixes from openssl 1.0.1i tested by bcook jsg
Revision 1.33 / (download) - annotate - [select for diffs], Thu Aug 7 20:02:23 2014 UTC (9 years, 10 months ago) by miod
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored)
Oops, revert changes commited by mistake. The previous commit was supposed to only apply to s23_srvr.c.
Revision 1.32 / (download) - annotate - [select for diffs], Thu Aug 7 19:46:31 2014 UTC (9 years, 10 months ago) by miod
Branch: MAIN
Changes since 1.31: +4 -4 lines
Diff to previous 1.31 (colored)
When you expect a function to return a particular value, don't put a comment saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
Revision 1.31 / (download) - annotate - [select for diffs], Sat Jul 12 22:33:39 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored)
The correct name for EDH is DHE, likewise EECDH should be ECDHE. Based on changes to OpenSSL trunk. ok beck@ miod@
Revision 1.30 / (download) - annotate - [select for diffs], Sat Jul 12 13:11:53 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)
Remove remnants from PSK, KRB5 and SRP. ok beck@ miod@
Revision 1.29 / (download) - annotate - [select for diffs], Fri Jul 11 22:57:25 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.28: +9 -1 lines
Diff to previous 1.28 (colored)
As reported by David Ramos, most consumer of ssl_get_message() perform late bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
Revision 1.28 / (download) - annotate - [select for diffs], Fri Jul 11 09:24:44 2014 UTC (9 years, 11 months ago) by beck
Branch: MAIN
Changes since 1.27: +1 -78 lines
Diff to previous 1.27 (colored)
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
Revision 1.27 / (download) - annotate - [select for diffs], Thu Jul 10 08:51:14 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.26: +4 -22 lines
Diff to previous 1.26 (colored)
decompress libssl. ok beck jsing
Revision 1.26 / (download) - annotate - [select for diffs], Thu Jun 12 15:49:31 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.25: +1 -1 lines
Diff to previous 1.25 (colored)
tags as requested by miod and tedu
Revision 1.25 / (download) - annotate - [select for diffs], Sat Jun 7 22:23:12 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.24: +1 -2 lines
Diff to previous 1.24 (colored)
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
Revision 1.24 / (download) - annotate - [select for diffs], Sat Jun 7 14:10:35 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.23: +4 -6 lines
Diff to previous 1.23 (colored)
The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all have implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
Revision 1.23 / (download) - annotate - [select for diffs], Sat May 31 14:15:21 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.22: +122 -103 lines
Diff to previous 1.22 (colored)
More KNF.
Revision 1.22 / (download) - annotate - [select for diffs], Sat May 31 10:49:28 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.21: +0 -19 lines
Diff to previous 1.21 (colored)
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT. ok tedu@
Revision 1.21 / (download) - annotate - [select for diffs], Fri May 30 14:30:50 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.20: +0 -7 lines
Diff to previous 1.20 (colored)
remove some #if 0 code. we don't need any more reminders that we're using a not quite appropriate data structure. ok jsing
Revision 1.20 / (download) - annotate - [select for diffs], Thu May 29 18:11:13 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.19: +0 -12 lines
Diff to previous 1.19 (colored)
unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them. ok deraadt jsing
Revision 1.19 / (download) - annotate - [select for diffs], Wed May 28 13:03:24 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.18: +6 -9 lines
Diff to previous 1.18 (colored)
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
Revision 1.18 / (download) - annotate - [select for diffs], Sat May 24 12:44:48 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.17: +38 -3 lines
Diff to previous 1.17 (colored)
DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far more readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
Revision 1.17 / (download) - annotate - [select for diffs], Mon May 5 15:03:22 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.16: +0 -134 lines
Diff to previous 1.16 (colored)
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
Revision 1.16 / (download) - annotate - [select for diffs], Wed Apr 23 22:26:26 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.15: +0 -6 lines
Diff to previous 1.15 (colored)
Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover ``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@
Revision 1.15 / (download) - annotate - [select for diffs], Mon Apr 21 16:34:43 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.14: +1 -3 lines
Diff to previous 1.14 (colored)
more malloc/realloc/calloc cleanups; ok beck kettenis
Revision 1.14 / (download) - annotate - [select for diffs], Sat Apr 19 08:52:32 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.13: +3 -4 lines
Diff to previous 1.13 (colored)
More KNF and style consistency tweaks
Revision 1.13 / (download) - annotate - [select for diffs], Thu Apr 17 21:41:12 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.12: +1 -4 lines
Diff to previous 1.12 (colored)
no longer need to fool emacs indentation and other if (0) oddities.
Revision 1.12 / (download) - annotate - [select for diffs], Thu Apr 17 21:37:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.11: +0 -12 lines
Diff to previous 1.11 (colored)
always build in RSA and DSA. ok deraadt miod
Revision 1.11 / (download) - annotate - [select for diffs], Thu Apr 17 13:37:49 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
Revision 1.10 / (download) - annotate - [select for diffs], Mon Apr 14 18:45:55 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.9: +0 -12 lines
Diff to previous 1.9 (colored)
make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod
Revision 1.9 / (download) - annotate - [select for diffs], Mon Apr 14 17:45:38 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.8: +0 -2 lines
Diff to previous 1.8 (colored)
So the OpenSSL codebase does "get the time, add it as a random seed" in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
Revision 1.8 / (download) - annotate - [select for diffs], Mon Apr 14 14:51:11 2014 UTC (10 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.7: +734 -811 lines
Diff to previous 1.7 (colored)
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Apr 13 21:11:19 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)
Do not include "e_os.h" anymore. Simply pull in the necessary headers. ok miod@, deraadt@
Revision 1.6 / (download) - annotate - [select for diffs], Sun Apr 13 15:25:34 2014 UTC (10 years, 2 months ago) by miod
Branch: MAIN
Changes since 1.5: +22 -14 lines
Diff to previous 1.5 (colored)
Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 2 months ago) by miod
Changes since 1.1.1.5: +22 -14 lines
Diff to previous 1.1.1.5 (colored)
Import OpenSSL 1.0.1g
Revision 1.5 / (download) - annotate - [select for diffs], Sat Oct 13 21:25:14 2012 UTC (11 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.4: +184 -10 lines
Diff to previous 1.4 (colored)
resolve conflicts
Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 13 21:23:49 2012 UTC (11 years, 7 months ago) by djm
Changes since 1.1.1.4: +184 -10 lines
Diff to previous 1.1.1.4 (colored)
import OpenSSL-1.0.1c
Revision 1.4 / (download) - annotate - [select for diffs], Thu Nov 3 02:34:33 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.3: +4 -2 lines
Diff to previous 1.3 (colored)
openssl-1.0.0e: resolve conflicts
Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Thu Nov 3 02:32:19 2011 UTC (12 years, 7 months ago) by djm
Changes since 1.1.1.3: +4 -2 lines
Diff to previous 1.1.1.3 (colored)
import OpenSSL 1.0.0e
Revision 1.3 / (download) - annotate - [select for diffs], Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.2: +416 -37 lines
Diff to previous 1.2 (colored)
resolve conflicts, fix local changes
Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.2: +416 -37 lines
Diff to previous 1.1.1.2 (colored)
import OpenSSL-1.0.0a
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Fri Jan 9 12:14:06 2009 UTC (15 years, 5 months ago) by djm
Changes since 1.1.1.1: +1 -2 lines
Diff to previous 1.1.1.1 (colored)
import openssl-0.9.8j
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jan 5 21:36:39 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.1: +1 -2 lines
Diff to previous 1.1 (colored)
update to openssl-0.9.8i; tested by several, especially krw@
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
import of OpenSSL 0.9.8h
Revision 1.1 / (download) - annotate - [select for diffs], Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Branch: MAIN
Initial revision