![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / lib / libssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.71, Thu Jan 26 05:51:54 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: HEAD
Changes since 1.70: +1 -1 lines
FILE REMOVED
Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no
longer SSLv3 code.
ok beck@
Revision 1.70 / (download) - annotate - [select for diffs], Thu Jan 26 05:31:25 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.69: +9 -2 lines
Diff to previous 1.69 (colored)
Merge the client/server version negotiation into the existing (currently fixed version) client/server code. ok beck@
Revision 1.69 / (download) - annotate - [select for diffs], Wed Jan 25 06:13:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.68: +44 -14 lines
Diff to previous 1.68 (colored)
Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
Revision 1.68 / (download) - annotate - [select for diffs], Mon Jan 23 14:35:42 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.67: +8 -8 lines
Diff to previous 1.67 (colored)
Move options and mode from SSL_CTX and SSL to internal, since these can be set and cleared via existing functions.
Revision 1.67 / (download) - annotate - [select for diffs], Mon Jan 23 13:36:13 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.66: +13 -13 lines
Diff to previous 1.66 (colored)
Split most of SSL_METHOD out into an internal variant, which is opaque. Discussed with beck@
Revision 1.66 / (download) - annotate - [select for diffs], Mon Jan 23 08:48:44 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.65: +19 -19 lines
Diff to previous 1.65 (colored)
send state and rstate from ssl_st into internal. There are accessors so these should not be diddled with directly ok jsing@
Revision 1.65 / (download) - annotate - [select for diffs], Mon Jan 23 08:08:06 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.64: +8 -8 lines
Diff to previous 1.64 (colored)
move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and other perversions touches them sickly and unnaturally.
Revision 1.64 / (download) - annotate - [select for diffs], Mon Jan 23 06:45:30 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.63: +61 -61 lines
Diff to previous 1.63 (colored)
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
Revision 1.63 / (download) - annotate - [select for diffs], Mon Jan 23 04:55:26 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.62: +25 -25 lines
Diff to previous 1.62 (colored)
move the callbacks from ssl_st to internal ok jsing@
Revision 1.62 / (download) - annotate - [select for diffs], Mon Jan 23 04:15:28 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.61: +5 -5 lines
Diff to previous 1.61 (colored)
Move callback function pointers and argument pointers from SSL_CTX to internal. ok beck@
Revision 1.61 / (download) - annotate - [select for diffs], Sun Jan 22 09:02:07 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.60: +74 -74 lines
Diff to previous 1.60 (colored)
Move most of the SSL3_STATE fields to internal - the ones that remain are known to be used by ports. ok beck@
Revision 1.60 / (download) - annotate - [select for diffs], Thu Nov 17 15:06:22 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.59: +3 -5 lines
Diff to previous 1.59 (colored)
Use defines instead of magic numbers and comments.
Revision 1.59 / (download) - annotate - [select for diffs], Thu Nov 3 16:23:30 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.58: +24 -4 lines
Diff to previous 1.58 (colored)
In ssl3_read_bytes(), do not process more than three consecutive TLS records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@
Revision 1.58 / (download) - annotate - [select for diffs], Sun Jul 10 23:07:34 2016 UTC (7 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)
zero the read buffer after copying data to user so it doesn't linger. ok beck
Revision 1.57.2.2 / (download) - annotate - [select for diffs], Wed May 4 01:10:57 2016 UTC (8 years, 1 month ago) by tedu
Changes since 1.57.2.1: +1 -2 lines
Diff to previous 1.57.2.1 (colored) next main 1.58 (colored)
this chunk was NOT supposed to be committed. spotted by jsg.
Revision 1.57.2.1 / (download) - annotate - [select for diffs], Tue May 3 12:39:48 2016 UTC (8 years, 1 month ago) by tedu
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)
backport patch from openssl for multiple issues: missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
Revision 1.57 / (download) - annotate - [select for diffs], Sat Sep 12 16:10:07 2015 UTC (8 years, 8 months ago) by doug
Branch: MAIN
Changes since 1.56: +1 -6 lines
Diff to previous 1.56 (colored)
Remove most of the SSLv3 version checks and a few TLS v1.0. We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
Revision 1.56 / (download) - annotate - [select for diffs], Fri Jul 24 02:39:43 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.55: +29 -22 lines
Diff to previous 1.55 (colored)
Convert ssl3_get_record to CBS. ok miod@ jsing@
Revision 1.55 / (download) - annotate - [select for diffs], Sat Jul 18 19:41:54 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.54: +4 -17 lines
Diff to previous 1.54 (colored)
Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
Revision 1.54 / (download) - annotate - [select for diffs], Sun Dec 14 21:49:29 2014 UTC (9 years, 5 months ago) by bcook
Branch: MAIN
Changes since 1.53: +11 -15 lines
Diff to previous 1.53 (colored)
unconditionally align SSL payloads Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
Revision 1.53 / (download) - annotate - [select for diffs], Sun Dec 14 15:30:50 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.52: +9 -9 lines
Diff to previous 1.52 (colored)
Remove trailing whitespace.
Revision 1.52 / (download) - annotate - [select for diffs], Sun Nov 16 14:12:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.51: +5 -3 lines
Diff to previous 1.51 (colored)
Sort and group includes.
Revision 1.51 / (download) - annotate - [select for diffs], Sat Oct 18 16:13:16 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.50: +1 -2 lines
Diff to previous 1.50 (colored)
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
Revision 1.19.4.4 / (download) - annotate - [select for diffs], Sat Aug 9 16:55:55 2014 UTC (9 years, 9 months ago) by tedu
Changes since 1.19.4.3: +1 -1 lines
Diff to previous 1.19.4.3 (colored) next main 1.20 (colored)
backport relevant security fixes from openssl 1.0.1i tested by bcook jsg
Revision 1.20.4.4 / (download) - annotate - [select for diffs], Sat Aug 9 16:54:58 2014 UTC (9 years, 9 months ago) by tedu
Changes since 1.20.4.3: +1 -1 lines
Diff to previous 1.20.4.3 (colored) next main 1.21 (colored)
backport relevant security fixes from openssl 1.0.1i tested by bcook jsg
Revision 1.50 / (download) - annotate - [select for diffs], Sat Jul 12 13:11:53 2014 UTC (9 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.49: +1 -5 lines
Diff to previous 1.49 (colored)
Remove remnants from PSK, KRB5 and SRP. ok beck@ miod@
Revision 1.49 / (download) - annotate - [select for diffs], Thu Jul 10 08:51:14 2014 UTC (9 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.48: +3 -66 lines
Diff to previous 1.48 (colored)
decompress libssl. ok beck jsing
Revision 1.48 / (download) - annotate - [select for diffs], Thu Jun 19 21:29:51 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
Revision 1.47 / (download) - annotate - [select for diffs], Fri Jun 13 10:52:24 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.46: +4 -1 lines
Diff to previous 1.46 (colored)
Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher. Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
Revision 1.46 / (download) - annotate - [select for diffs], Thu Jun 12 15:49:31 2014 UTC (9 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.45: +1 -1 lines
Diff to previous 1.45 (colored)
tags as requested by miod and tedu
Revision 1.45 / (download) - annotate - [select for diffs], Wed Jun 11 15:17:19 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.44: +0 -2 lines
Diff to previous 1.44 (colored)
Disable TLS support... Just kidding! unifdef OPENSSL_NO_TLS since we will never want to actually do that. ok deraadt@
Revision 1.44 / (download) - annotate - [select for diffs], Wed Jun 11 14:50:07 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.43: +91 -56 lines
Diff to previous 1.43 (colored)
More KNF.
Revision 1.19.4.3 / (download) - annotate - [select for diffs], Thu Jun 5 20:37:47 2014 UTC (9 years, 11 months ago) by sthen
Changes since 1.19.4.2: +9 -1 lines
Diff to previous 1.19.4.2 (colored)
MFC ChangeCipherSpec fixes (CVE-2014-0224 and additional safeguard), ok jsing@ "Be selective as to when ChangeCipherSpec messages will be accepted. Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret." From s3_clnt.c r1.64, s3_pkt.c r1.42, s3_srvr.c r1.59, ssl3.h r1.19 - note that the ssl3.h change has been applied to s3_locl.h instead to simplify patching. "Ensure that we do not process a ChangeCipherSpec with an empty master secret. This is an additional safeguard against early ChangeCipherSpec handling." From s3_pkt.c:1.43
Revision 1.20.4.3 / (download) - annotate - [select for diffs], Thu Jun 5 17:05:16 2014 UTC (9 years, 11 months ago) by sthen
Changes since 1.20.4.2: +9 -1 lines
Diff to previous 1.20.4.2 (colored)
MFC ChangeCipherSpec fixes (CVE-2014-0224 and additional safeguard), ok jsing@ "Be selective as to when ChangeCipherSpec messages will be accepted. Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret." From s3_clnt.c r1.64, s3_pkt.c r1.42, s3_srvr.c r1.59, ssl3.h r1.19 - note that the ssl3.h change has been applied to s3_locl.h instead to simplify patching. "Ensure that we do not process a ChangeCipherSpec with an empty master secret. This is an additional safeguard against early ChangeCipherSpec handling." From s3_pkt.c:1.43
Revision 1.43 / (download) - annotate - [select for diffs], Thu Jun 5 15:51:06 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.42: +1 -1 lines
Diff to previous 1.42 (colored)
Ensure that we do not process a ChangeCipherSpec with an empty master secret. This is an additional safeguard against early ChangeCipherSpec handling. From OpenSSL. ok deraadt@
Revision 1.42 / (download) - annotate - [select for diffs], Thu Jun 5 15:46:24 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.41: +8 -0 lines
Diff to previous 1.41 (colored)
Be selective as to when ChangeCipherSpec messages will be accepted. Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
Revision 1.41 / (download) - annotate - [select for diffs], Fri May 30 14:30:50 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.40: +0 -4 lines
Diff to previous 1.40 (colored)
remove some #if 0 code. we don't need any more reminders that we're using a not quite appropriate data structure. ok jsing
Revision 1.40 / (download) - annotate - [select for diffs], Fri May 30 14:01:11 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.39: +13 -15 lines
Diff to previous 1.39 (colored)
Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
Revision 1.39 / (download) - annotate - [select for diffs], Tue May 27 18:51:24 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)
Remove redundant test introduced in s3_pkt.c on 20001225, which got cargo-culted (with an XXX comment, though) in d1_pkt.c in 2005.
Revision 1.38 / (download) - annotate - [select for diffs], Sun May 25 16:23:10 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.37: +0 -5 lines
Diff to previous 1.37 (colored)
Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
Revision 1.19.4.2 / (download) - annotate - [select for diffs], Thu May 1 14:17:40 2014 UTC (10 years, 1 month ago) by sthen
Changes since 1.19.4.1: +4 -0 lines
Diff to previous 1.19.4.1 (colored)
MFC, requested by deraadt@ -/-------------------------- revision 1.33 date: 2014/04/24 04:31:30; author: tedu; state: Exp; lines: +4 -0; on today's episode of things you didn't want to learn: do_ssl3_write() is recursive. and not in the simple, obvious way, but in the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia) this then has a decent chance of releasing the buffer that we thought we were going to use. check for this happening, and if the buffer has gone missing, put another one back in place. the direct recursive call is safe because it won't call ssl3_write_pending which is the function that actually does do the writing and releasing. as reported by David Ramos to openssl-dev: http://marc.info/?l=openssl-dev&m=139809493725682&w=2 ok beck -/--------------------------
Revision 1.20.4.2 / (download) - annotate - [select for diffs], Thu May 1 14:16:35 2014 UTC (10 years, 1 month ago) by sthen
Changes since 1.20.4.1: +4 -0 lines
Diff to previous 1.20.4.1 (colored)
MFC, requested by deraadt@ -/-------------------------- revision 1.33 date: 2014/04/24 04:31:30; author: tedu; state: Exp; lines: +4 -0; on today's episode of things you didn't want to learn: do_ssl3_write() is recursive. and not in the simple, obvious way, but in the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia) this then has a decent chance of releasing the buffer that we thought we were going to use. check for this happening, and if the buffer has gone missing, put another one back in place. the direct recursive call is safe because it won't call ssl3_write_pending which is the function that actually does do the writing and releasing. as reported by David Ramos to openssl-dev: http://marc.info/?l=openssl-dev&m=139809493725682&w=2 ok beck -/--------------------------
Revision 1.37 / (download) - annotate - [select for diffs], Tue Apr 29 15:46:54 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.36: +10 -0 lines
Diff to previous 1.36 (colored)
Constrain bytes read/written to positive values. ok miod@ tedu@
Revision 1.36 / (download) - annotate - [select for diffs], Sat Apr 26 18:56:38 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.35: +2 -4 lines
Diff to previous 1.35 (colored)
Replace all use of ERR_add_error_data with ERR_asprintf_error_data. This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
Revision 1.35 / (download) - annotate - [select for diffs], Thu Apr 24 19:38:22 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.34: +89 -67 lines
Diff to previous 1.34 (colored)
rearrange a bit of code/comments
Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 24 06:02:58 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.33: +2 -0 lines
Diff to previous 1.33 (colored)
A fantastic way to make a large unsigned number is to assign a small signed one to it.. Some people on OpenSSL's list noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2 This should fix that, and make sure we don't try to write out insane amounts of stuff. ok miod@ tedu@
Revision 1.33 / (download) - annotate - [select for diffs], Thu Apr 24 04:31:30 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.32: +4 -0 lines
Diff to previous 1.32 (colored)
on today's episode of things you didn't want to learn: do_ssl3_write() is recursive. and not in the simple, obvious way, but in the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia) this then has a decent chance of releasing the buffer that we thought we were going to use. check for this happening, and if the buffer has gone missing, put another one back in place. the direct recursive call is safe because it won't call ssl3_write_pending which is the function that actually does do the writing and releasing. as reported by David Ramos to openssl-dev: http://marc.info/?l=openssl-dev&m=139809493725682&w=2 ok beck
Revision 1.32 / (download) - annotate - [select for diffs], Sat Apr 19 19:40:11 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.31: +2 -1 lines
Diff to previous 1.31 (colored)
release buffers fix was lost in merge. put it back.
Revision 1.31 / (download) - annotate - [select for diffs], Sat Apr 19 08:52:32 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)
More KNF and style consistency tweaks
Revision 1.30 / (download) - annotate - [select for diffs], Fri Apr 18 15:39:53 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.29: +1 -2 lines
Diff to previous 1.29 (colored)
Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep
the #define for compat, but document that it's a no-op now. Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"
ok beck@
Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 17 23:35:40 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.28: +0 -14 lines
Diff to previous 1.28 (colored)
whack a bunch of disabled code. ok beck lteo
Revision 1.28 / (download) - annotate - [select for diffs], Thu Apr 17 20:58:08 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.27: +0 -1 lines
Diff to previous 1.27 (colored)
Mostly gut e_os.h: USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It makes every file buy a kitchen sink, because 11 files forgot to. EXIT() is really exit(), a gentle surprise but... OPENSSL_EXIT() is really just return(), because noone compiles the openssl command non-monolithic anymore
Revision 1.27 / (download) - annotate - [select for diffs], Tue Apr 15 16:21:04 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.26: +1 -1 lines
Diff to previous 1.26 (colored)
Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversions where the return value is ignored changing to (void) snprintf. ok deraadt@
Revision 1.26 / (download) - annotate - [select for diffs], Mon Apr 14 18:45:55 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.25: +0 -13 lines
Diff to previous 1.25 (colored)
make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod
Revision 1.25 / (download) - annotate - [select for diffs], Mon Apr 14 16:07:22 2014 UTC (10 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.24: +562 -661 lines
Diff to previous 1.24 (colored)
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
Revision 1.24 / (download) - annotate - [select for diffs], Sun Apr 13 21:11:19 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)
Do not include "e_os.h" anymore. Simply pull in the necessary headers. ok miod@, deraadt@
Revision 1.23 / (download) - annotate - [select for diffs], Sun Apr 13 15:25:34 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.22: +6 -5 lines
Diff to previous 1.22 (colored)
Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
Revision 1.1.1.12 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 1 month ago) by miod
Changes since 1.1.1.11: +62 -51 lines
Diff to previous 1.1.1.11 (colored)
Import OpenSSL 1.0.1g
Revision 1.20.4.1 / (download) - annotate - [select for diffs], Sat Apr 12 17:01:14 2014 UTC (10 years, 1 month ago) by deraadt
Changes since 1.20: +1 -1 lines
Diff to previous 1.20 (colored)
from head, will become 5.5 004_openssl.patch Changes by: tedu@cvs.openbsd.org 2014/04/10 13:01:37 Piotr Sikora pointed me at a more refined diff for the buffer release issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
Revision 1.19.4.1 / (download) - annotate - [select for diffs], Sat Apr 12 17:00:53 2014 UTC (10 years, 1 month ago) by deraadt
Changes since 1.19: +1 -1 lines
Diff to previous 1.19 (colored)
from head, will become 5.4 008_openssl.patch Changes by: tedu@cvs.openbsd.org 2014/04/10 13:01:37 Piotr Sikora pointed me at a more refined diff for the buffer release issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Sat Apr 12 17:00:22 2014 UTC (10 years, 1 month ago) by deraadt
Changes since 1.19: +1 -1 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)
from head, will become 5.3 015_openssl.patch Changes by: tedu@cvs.openbsd.org 2014/04/10 13:01:37 Piotr Sikora pointed me at a more refined diff for the buffer release issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
Revision 1.22 / (download) - annotate - [select for diffs], Thu Apr 10 19:01:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.21: +2 -0 lines
Diff to previous 1.21 (colored)
Piotr Sikora pointed me at a more refined diff for the buffer release issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
Revision 1.21 / (download) - annotate - [select for diffs], Thu Apr 10 17:48:02 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.20: +0 -2 lines
Diff to previous 1.20 (colored)
don't release the read buffer if we're not done reading from it. ok benno deraadt
Revision 1.20 / (download) - annotate - [select for diffs], Thu Feb 27 21:04:57 2014 UTC (10 years, 3 months ago) by jca
Branch: MAIN
Changes since 1.19: +7 -1 lines
Diff to previous 1.19 (colored)
SECURITY fixes backported from openssl-1.0.1f. ok mikeb@ CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
Revision 1.19 / (download) - annotate - [select for diffs], Thu Feb 14 15:11:43 2013 UTC (11 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.18: +52 -48 lines
Diff to previous 1.18 (colored)
cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
Revision 1.18 / (download) - annotate - [select for diffs], Sat Oct 13 21:25:14 2012 UTC (11 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.17: +68 -9 lines
Diff to previous 1.17 (colored)
resolve conflicts
Revision 1.1.1.11 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 13 21:23:49 2012 UTC (11 years, 7 months ago) by djm
Changes since 1.1.1.10: +68 -9 lines
Diff to previous 1.1.1.10 (colored)
import OpenSSL-1.0.1c
Revision 1.17 / (download) - annotate - [select for diffs], Thu Nov 3 02:34:33 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.16: +4 -2 lines
Diff to previous 1.16 (colored)
openssl-1.0.0e: resolve conflicts
Revision 1.1.1.10 / (download) - annotate - [select for diffs] (vendor branch), Thu Nov 3 02:32:21 2011 UTC (12 years, 7 months ago) by djm
Changes since 1.1.1.9: +4 -2 lines
Diff to previous 1.1.1.9 (colored)
import OpenSSL 1.0.0e
Revision 1.16 / (download) - annotate - [select for diffs], Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.15: +206 -77 lines
Diff to previous 1.15 (colored)
resolve conflicts, fix local changes
Revision 1.1.1.9 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.8: +207 -75 lines
Diff to previous 1.1.1.8 (colored)
import OpenSSL-1.0.0a
Revision 1.15 / (download) - annotate - [select for diffs], Wed Apr 14 12:41:05 2010 UTC (14 years, 1 month ago) by jasper
Branch: MAIN
Changes since 1.14: +4 -3 lines
Diff to previous 1.14 (colored)
Security fix for CVE-2010-0740 "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok deraadt@ djm@ sthen@
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Wed Mar 31 12:17:40 2010 UTC (14 years, 2 months ago) by jasper
Changes since 1.14: +4 -3 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)
ecurity fix for CVE-2010-0740 "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok djm@ sthen@
Revision 1.13.6.2 / (download) - annotate - [select for diffs], Wed Mar 31 12:17:28 2010 UTC (14 years, 2 months ago) by jasper
Changes since 1.13.6.1: +4 -3 lines
Diff to previous 1.13.6.1 (colored) next main 1.14 (colored)
Security fix for CVE-2010-0740 "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok djm@ sthen@
Revision 1.13.2.2 / (download) - annotate - [select for diffs], Wed Mar 31 12:16:43 2010 UTC (14 years, 2 months ago) by jasper
Changes since 1.13.2.1: +4 -3 lines
Diff to previous 1.13.2.1 (colored) next main 1.14 (colored)
Security fix for CVE-2010-0740 "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok djm@ sthen@
Revision 1.13.6.1 / (download) - annotate - [select for diffs], Tue Nov 17 14:34:52 2009 UTC (14 years, 6 months ago) by sthen
Changes since 1.13: +3 -1 lines
Diff to previous 1.13 (colored)
Pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from openssl 0.9.8l. As suggested by markus@, for -stable the header change is being restricted to a private file, so the minor version is not cranked here. Discussed with markus, djm, deraadt.
Revision 1.13.2.1 / (download) - annotate - [select for diffs], Tue Nov 17 14:34:37 2009 UTC (14 years, 6 months ago) by sthen
Changes since 1.13: +3 -1 lines
Diff to previous 1.13 (colored)
Pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from openssl 0.9.8l. As suggested by markus@, for -stable the header change is being restricted to a private file, so the minor version is not cranked here. Discussed with markus, djm, deraadt.
Revision 1.14 / (download) - annotate - [select for diffs], Tue Nov 10 09:09:40 2009 UTC (14 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.13: +3 -1 lines
Diff to previous 1.13 (colored)
pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
Revision 1.13 / (download) - annotate - [select for diffs], Fri Jan 9 12:15:52 2009 UTC (15 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.12: +8 -1 lines
Diff to previous 1.12 (colored)
resolve conflicts
Revision 1.1.1.8 / (download) - annotate - [select for diffs] (vendor branch), Fri Jan 9 12:14:07 2009 UTC (15 years, 4 months ago) by djm
Changes since 1.1.1.7: +15 -1 lines
Diff to previous 1.1.1.7 (colored)
import openssl-0.9.8j
Revision 1.12 / (download) - annotate - [select for diffs], Mon Jan 5 21:36:39 2009 UTC (15 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.11: +7 -0 lines
Diff to previous 1.11 (colored)
update to openssl-0.9.8i; tested by several, especially krw@
Revision 1.11 / (download) - annotate - [select for diffs], Sat Sep 6 12:17:53 2008 UTC (15 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.10: +25 -24 lines
Diff to previous 1.10 (colored)
resolve conflicts
Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 8 months ago) by djm
Changes since 1.1.1.6: +25 -24 lines
Diff to previous 1.1.1.6 (colored)
import of OpenSSL 0.9.8h
Revision 1.10 / (download) - annotate - [select for diffs], Fri Apr 29 05:39:31 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.9: +6 -6 lines
Diff to previous 1.9 (colored)
resolve conflicts
Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Fri Apr 29 05:37:27 2005 UTC (19 years, 1 month ago) by djm
Changes since 1.1.1.5: +6 -6 lines
Diff to previous 1.1.1.5 (colored)
import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@
Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Wed Apr 7 20:42:06 2004 UTC (20 years, 1 month ago) by markus
Changes since 1.1.1.4: +8 -0 lines
Diff to previous 1.1.1.4 (colored)
import openssl-0.9.7d
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Wed Mar 17 18:07:41 2004 UTC (20 years, 2 months ago) by brad
Changes since 1.8: +8 -0 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
MFC: Fix by markus@ avoid null-pointer deref (aka CAN-2004-0079) see http://www.openssl.org/news/secadv_20040317.txt ok deraadt@ markus@
Revision 1.8.4.1 / (download) - annotate - [select for diffs], Wed Mar 17 17:50:58 2004 UTC (20 years, 2 months ago) by brad
Changes since 1.8: +8 -0 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
MFC: Fix by markus@ avoid null-pointer deref (aka CAN-2004-0079) see http://www.openssl.org/news/secadv_20040317.txt ok deraadt@ markus@
Revision 1.9 / (download) - annotate - [select for diffs], Wed Mar 17 12:28:29 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.8: +8 -0 lines
Diff to previous 1.8 (colored)
avoid null-pointer deref (aka CAN-2004-0079) see http://www.openssl.org/news/secadv_20040317.txt
Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Sun May 11 21:36:40 2003 UTC (21 years ago) by markus
Changes since 1.1.1.3: +31 -16 lines
Diff to previous 1.1.1.3 (colored)
import 0.9.7b (without idea and rc5)
Revision 1.7.2.1 / (download) - annotate - [select for diffs], Sat Feb 22 22:12:12 2003 UTC (21 years, 3 months ago) by margarida
Changes since 1.7: +31 -16 lines
Diff to previous 1.7 (colored) next main 1.8 (colored)
Pull patch from current: Fix by markus@ security fix from openssl 0.9.7a: In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) markus@ ok
Revision 1.5.4.1 / (download) - annotate - [select for diffs], Sat Feb 22 17:46:48 2003 UTC (21 years, 3 months ago) by miod
Changes since 1.5: +46 -11 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)
Errata 021: security fix from openssl 0.9.7a: In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) adapted from a patch from Ryan W. Maple, via markus@
Revision 1.8 / (download) - annotate - [select for diffs], Wed Feb 19 20:37:46 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.7: +31 -16 lines
Diff to previous 1.7 (colored)
security fix from openssl 0.9.7a: In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078)
Revision 1.7 / (download) - annotate - [select for diffs], Tue Sep 10 16:31:57 2002 UTC (21 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)
merge openssl-0.9.7-beta3, tested on vax by miod@
Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 22:44:12 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.2: +1 -1 lines
Diff to previous 1.1.1.2 (colored)
import openssl-0.9.7-beta3
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 12:51:35 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.1: +645 -419 lines
Diff to previous 1.1.1.1 (colored)
import openssl-0.9.7-beta1
Revision 1.6 / (download) - annotate - [select for diffs], Wed May 15 02:29:20 2002 UTC (22 years ago) by beck
Branch: MAIN
Changes since 1.5: +132 -49 lines
Diff to previous 1.5 (colored)
OpenSSL 0.9.7 stable 2002 05 08 merge
Revision 1.5 / (download) - annotate - [select for diffs], Fri Jun 22 00:03:40 2001 UTC (22 years, 11 months ago) by beck
Branch: MAIN
Changes since 1.4: +15 -9 lines
Diff to previous 1.4 (colored)
openssl-engine-0.9.6a merge
Revision 1.4 / (download) - annotate - [select for diffs], Fri Dec 15 02:58:37 2000 UTC (23 years, 5 months ago) by beck
Branch: MAIN
Changes since 1.3: +29 -25 lines
Diff to previous 1.3 (colored)
openssl-engine-0.9.6 merge
Revision 1.3 / (download) - annotate - [select for diffs], Sun Mar 19 11:13:30 2000 UTC (24 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.2: +457 -304 lines
Diff to previous 1.2 (colored)
OpenSSL 0.9.5 merge *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 29 04:37:28 1999 UTC (24 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.1: +70 -90 lines
Diff to previous 1.1 (colored)
OpenSSL 0.9.4 merge
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Oct 5 20:13:12 1998 UTC (25 years, 8 months ago) by ryker
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Revision 1.1 / (download) - annotate - [select for diffs], Mon Oct 5 20:13:12 1998 UTC (25 years, 8 months ago) by ryker
Branch: MAIN
Initial revision