![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / lib / libssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.142 / (download) - annotate - [select for diffs], Thu May 9 07:55:48 2024 UTC (4 weeks, 5 days ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.141: +2 -3 lines
Diff to previous 1.141 (colored)
ssl_ciph.c: unwrap a line
Revision 1.141 / (download) - annotate - [select for diffs], Thu May 9 07:47:50 2024 UTC (4 weeks, 5 days ago) by tb
Branch: MAIN
Changes since 1.140: +3 -5 lines
Diff to previous 1.140 (colored)
Remove leftover logic of SSL2 support SSL2_CF_8_BYTE_ENC was set by things such as RC4_64_WITH_MD5, which fell victim to tedu's axe a decade ago. Zap that. ok jsing
Revision 1.140 / (download) - annotate - [select for diffs], Sat Mar 2 11:45:51 2024 UTC (3 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.139: +1 -15 lines
Diff to previous 1.139 (colored)
Remove SSL_CIPHER_get_by_{id,value}()
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}()
directly.
ok jsing
Revision 1.139 / (download) - annotate - [select for diffs], Sat Feb 3 15:58:33 2024 UTC (4 months, 1 week ago) by beck
Branch: MAIN
Changes since 1.138: +6 -101 lines
Diff to previous 1.138 (colored)
Remove GOST and STREEBOG support from libssl. This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
Revision 1.138 / (download) - annotate - [select for diffs], Thu Jan 4 20:02:10 2024 UTC (5 months ago) by tb
Branch: MAIN
Changes since 1.137: +6 -5 lines
Diff to previous 1.137 (colored)
Remove last external call to EVP_PKEY_meth_find() In order to determine whether GOST is properly enabled, libssl has various weird dances. In this specific case, it calls EVP_PKEY_meth_find() to see whether the relevant cipher is around. Check the same thing with an #ifdef instead. ok jsing
Revision 1.137 / (download) - annotate - [select for diffs], Sun Nov 19 15:51:49 2023 UTC (6 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.136: +1 -5 lines
Diff to previous 1.136 (colored)
Unifdef OPENSSL_NO_ENGINE in libssl As usual, a few manual fixes to avoid duplicate lines. ok jsing
Revision 1.136 / (download) - annotate - [select for diffs], Sat Jul 8 16:40:13 2023 UTC (11 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.135: +32 -7 lines
Diff to previous 1.135 (colored)
Hide all public symbols in libssl With the guentherizer 9000 ok tb@
Revision 1.135 / (download) - annotate - [select for diffs], Sat Nov 26 16:08:55 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored)
Make internal header file names consistent Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
Revision 1.134 / (download) - annotate - [select for diffs], Thu Sep 8 15:31:12 2022 UTC (21 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.133: +2 -5 lines
Diff to previous 1.133 (colored)
ssl_cipher_process_rulestr: return early if a cipher command is invalid This is a safer fix for the bug where we might read outside rule_str buffer and is how BoringSSL fixed it. OK tb@
Revision 1.133 / (download) - annotate - [select for diffs], Wed Sep 7 21:34:22 2022 UTC (21 months ago) by millert
Branch: MAIN
Changes since 1.132: +3 -2 lines
Diff to previous 1.132 (colored)
ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. OK tb@
Revision 1.132 / (download) - annotate - [select for diffs], Sun Sep 4 07:55:32 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.131: +23 -23 lines
Diff to previous 1.131 (colored)
Make ssl_create_cipher_list() have a single exit This simplifies memory management and makes it easier to see the leak that were introduced in the previous commit. Sprinkle a few malloc errors for consistency. CID 278396 with/ok jsing
Revision 1.131 / (download) - annotate - [select for diffs], Thu Sep 1 15:19:16 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.130: +11 -4 lines
Diff to previous 1.130 (colored)
Check sk_SSL_CIPHER_push() return value CID 24797 ok jsing
Revision 1.130 / (download) - annotate - [select for diffs], Tue Aug 30 20:20:02 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.129: +1 -4 lines
Diff to previous 1.129 (colored)
Remove a commented-out sk_push that has been hanging around for > 20 years
Revision 1.129 / (download) - annotate - [select for diffs], Wed Jun 29 20:06:55 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.128: +2 -7 lines
Diff to previous 1.128 (colored)
Remove a confusing comment discussed with jsing
Revision 1.128 / (download) - annotate - [select for diffs], Wed Jun 29 20:04:28 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.127: +20 -8 lines
Diff to previous 1.127 (colored)
Parse the @SECLEVEL=n annotation in cipher strings To this end, hand the SSL_CERT through about 5 levels of indirection to set an integer on it. ok beck jsing
Revision 1.127 / (download) - annotate - [select for diffs], Sat Mar 5 07:13:48 2022 UTC (2 years, 3 months ago) by bket
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)
Fix typo in comment OK tb@
Revision 1.126 / (download) - annotate - [select for diffs], Sat Feb 5 14:54:10 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.125: +3 -3 lines
Diff to previous 1.125 (colored)
Bye bye S3I. S3I has served us well, however now that libssl is fully opaque it is time to say goodbye. Aside from removing the calloc/free/memset, the rest is mechanical sed. ok inoguchi@ tb@
Revision 1.125 / (download) - annotate - [select for diffs], Tue Nov 23 18:26:23 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.124: +5 -2 lines
Diff to previous 1.124 (colored)
Transform a mangled comment into something intelligible. from beck
Revision 1.124 / (download) - annotate - [select for diffs], Sat Jul 3 16:06:44 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.123: +11 -3 lines
Diff to previous 1.123 (colored)
Do a first pass clean up of SSL_METHOD. The num_ciphers, get_cipher_by_char and put_cipher_by_char function pointers use the same function for all methods - call ssl3_num_ciphers() directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and remove the unused ssl3_put_cipher_by_char() code. ok inoguchi@ tb@
Revision 1.123 / (download) - annotate - [select for diffs], Sun May 16 08:24:21 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.122: +2 -1 lines
Diff to previous 1.122 (colored)
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_* Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
Revision 1.122 / (download) - annotate - [select for diffs], Mon May 10 17:03:57 2021 UTC (3 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.121: +7 -1 lines
Diff to previous 1.121 (colored)
Provide SSL_CIPHER_find(3) ok jsing
Revision 1.121 / (download) - annotate - [select for diffs], Wed Mar 24 18:44:00 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.120: +3 -3 lines
Diff to previous 1.120 (colored)
Rename new_cipher to cipher. This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
Revision 1.120 / (download) - annotate - [select for diffs], Sun Feb 7 15:26:32 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.119: +14 -2 lines
Diff to previous 1.119 (colored)
Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). The mess that is ssl_get_algorithm2() only exists to upgrade the handshake MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can readily do this in ssl_get_handshake_evp_md(), which is far more readable. ok tb@
Revision 1.119 / (download) - annotate - [select for diffs], Sun Sep 13 16:49:05 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.118: +15 -2 lines
Diff to previous 1.118 (colored)
Implement SSL_{CTX_,}set_ciphersuites().
OpenSSL added a separate API for configuring TLSv1.3 ciphersuites. Provide
this API, while retaining the current behaviour of being able to configure
TLSv1.3 via the existing interface.
Note that this is not currently exposed in the headers/exported symbols.
ok beck@ inoguchi@ tb@
Revision 1.118 / (download) - annotate - [select for diffs], Fri Sep 11 17:36:27 2020 UTC (3 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.117: +3 -14 lines
Diff to previous 1.117 (colored)
Remove cipher_list_by_id. When parsing a cipher string, a cipher list is created, before being duplicated and sorted - the second copy being stored as cipher_list_by_id. This is done only so that a client can ensure that the cipher selected by a server is in the cipher list. This is pretty pointless given that most clients are short-lived and that we already had to iterate over the cipher list in order to build the client hello. Additionally, any update to the cipher list requires that cipher_list_by_id also be updated and kept in sync. Remove all of this and replace it with a simple linear scan - the overhead of duplicating and sorting the cipher list likely exceeds that of a simple linear scan over the cipher list (64 maximum, more typically ~9 or so). ok beck@ tb@
Revision 1.117 / (download) - annotate - [select for diffs], Sun Apr 19 14:54:14 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.116: +25 -2 lines
Diff to previous 1.116 (colored)
Provide TLSv1.3 cipher suite aliases to match the names used in RFC 8446. ok beck@ inoguchi@ tb@
Revision 1.116 / (download) - annotate - [select for diffs], Sat Apr 18 14:41:05 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.115: +3 -4 lines
Diff to previous 1.115 (colored)
Fix wrapping/indentation.
Revision 1.115 / (download) - annotate - [select for diffs], Sat Apr 18 13:47:58 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.114: +5 -6 lines
Diff to previous 1.114 (colored)
Tweak previous active cipher suite code. Use a boolean value rather than using a counter, as suggested by tb@ during the previous review. ok tb@
Revision 1.114 / (download) - annotate - [select for diffs], Fri Apr 17 17:26:00 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.113: +10 -2 lines
Diff to previous 1.113 (colored)
Only include TLSv1.3 cipher suites if there are active cipher suites. Revise the previous so that we only include TLSv1.3 cipher suites if the cipher rule string resulted in at least one active cipher suite. This more closely matches OpenSSL behaviour. Noted and fix tested by schwarze@ ok beck@ tb@
Revision 1.113 / (download) - annotate - [select for diffs], Thu Apr 9 17:54:38 2020 UTC (4 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.112: +19 -6 lines
Diff to previous 1.112 (colored)
Include TLSv1.3 cipher suites unless cipher string references TLSv1.3. OpenSSL has always taken the approach of enabling almost everything by default. As a result, if you wanted to run a secure TLS client/server you had to specify your own "secure" cipher string, rather than being able to trust the defaults as being sensible and secure. The problem is that with the introduction of TLSv1.3, most of these "secure" cipher strings result in the new TLSv1.3 cipher suites being excluded. The "work around" for this issue in OpenSSL was to add a new TLSv1.3 API (SSL_CTX_set_ciphersuites(), SSL_set_ciphersuites()) and have separate knobs for the pre-TLSv1.3 and TLSv1.3 cipher suites. This of course means that every application now needs to call two APIs, but it does mean that applications that only call SSL_CTX_set_cipher_list()/SSL_set_cipher_list() cannot remove TLSv1.3 cipher suites and prevent TLSv1.3 from working. We've taken a different approach and have allowed TLSv1.3 cipher suites to be manipulated via the existing SSL_set_cipher_list() API. However, in order to avoid problems with hardcoded cipher strings, change this behaviour so that we always include TLSv1.3 cipher suites unless the cipher string has a specific reference to the TLSv1.3 protocol or a TLSv1.3 cipher suite. This means that: $ openssl ciphers -v TLSv1.2:!TLSv1.3 still gives TLSv1.2 only cipher suites and: $ openssl ciphers -v AEAD-CHACHA20-POLY1305-SHA256 only lists a single TLSv1.3 cipher, however: $ openssl ciphers -v ECDHE-RSA-AES256-GCM-SHA384 now includes both TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 and all TLSv1.3 cipher suites (which also matches OpenSSL's openssl(1) behaviour). Issue encountered by kn@ with mumble. ok tb@
Revision 1.112 / (download) - annotate - [select for diffs], Thu Apr 9 17:24:11 2020 UTC (4 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.111: +3 -4 lines
Diff to previous 1.111 (colored)
Tidy line wrapping and remove an extra blank line.
Revision 1.111 / (download) - annotate - [select for diffs], Thu Apr 9 17:22:52 2020 UTC (4 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.110: +2 -2 lines
Diff to previous 1.110 (colored)
ssl_aes_is_accelerated() returns a boolean - treat it as such, rather than explicitly comparing against a value.
Revision 1.110 / (download) - annotate - [select for diffs], Sun Jan 26 12:39:16 2020 UTC (4 years, 4 months ago) by inoguchi
Branch: MAIN
Changes since 1.109: +2 -2 lines
Diff to previous 1.109 (colored)
Fix SSL_CIPHER_description ok jsing@
Revision 1.109 / (download) - annotate - [select for diffs], Fri Jan 24 04:38:12 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.108: +7 -1 lines
Diff to previous 1.108 (colored)
Add strings for SSL_aTLS1_3 and SSL_kTLS1_3 to SSL_CIPHER_description(). Mkaes `openssl ciphers -v` print au and kx values for TLSv1.3 cipher suites. ok beck@ tb@
Revision 1.108 / (download) - annotate - [select for diffs], Thu Apr 4 16:44:24 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.107: +42 -174 lines
Diff to previous 1.107 (colored)
Clean up the cipher/digest table mess. The original implementation allows for libcrypto to be compiled without a given algorithm and libssl then detects that ciphers or digests are unavailable so that it can disable the associated cipher suites. This is unnecessary since we do not compile out algorithms. ok beck@, tb@ (a while back)
Revision 1.107 / (download) - annotate - [select for diffs], Sun Mar 24 17:10:54 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.106: +4 -3 lines
Diff to previous 1.106 (colored)
If ssl_cipher_apply_rule() is given a specific cipher suite, match on it. Otherwise matching a specific cipher is performed by matching against its characteristics, which can result in multiple rather than a single match. Found by bluhm@'s regress tests. ok bluhm@ tb@
Revision 1.106 / (download) - annotate - [select for diffs], Wed Nov 7 01:53:36 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.105: +12 -3 lines
Diff to previous 1.105 (colored)
Add TLSv1.3 cipher suites (with appropriate guards). ok beck@ tb@
Revision 1.105 / (download) - annotate - [select for diffs], Sat Sep 8 14:39:41 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.104: +14 -6 lines
Diff to previous 1.104 (colored)
Remove now unused code for EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE. ok inoguchi@ tb@
Revision 1.104 / (download) - annotate - [select for diffs], Sat Sep 8 14:29:52 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.103: +9 -12 lines
Diff to previous 1.103 (colored)
SSL_MAX_DIGEST is no longer needed.
Revision 1.103 / (download) - annotate - [select for diffs], Thu Sep 6 16:40:45 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.102: +3 -5 lines
Diff to previous 1.102 (colored)
Drop SSL_CIPHER_ALGORITHM2_AEAD flag. All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can condition on that rather than having a separate redundant flag. ok tb@
Revision 1.102 / (download) - annotate - [select for diffs], Mon Sep 3 18:00:50 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.101: +7 -25 lines
Diff to previous 1.101 (colored)
Stop using composite EVP_CIPHER AEADs. The composite AEADs are "stitched" mode ciphers, that are only supported on some architectures/CPUs and are designed to be faster than a separate EVP_CIPHER and EVP_MD implementation. The three AEADs are used for less than ideal cipher suites (if you have hardware support that these use there are better cipher suite options), plus continuing to support AEADs via EVP_CIPHER is creating additional code complexity. ok inoguchi@ tb@
Revision 1.101 / (download) - annotate - [select for diffs], Mon Sep 3 17:45:24 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.100: +3 -20 lines
Diff to previous 1.100 (colored)
Stop handling AES-GCM via ssl_cipher_get_evp(). All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no need to support them via EVP_CIPHER. ok inoguchi@ tb@
Revision 1.100 / (download) - annotate - [select for diffs], Mon Sep 3 17:41:13 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.99: +13 -41 lines
Diff to previous 1.99 (colored)
Clean up SSL_DES and SSL_IDEA remnants. All ciphersuites that used these encryption algorithms were removed some time ago. ok bcook@ inoguchi@ tb@
Revision 1.99 / (download) - annotate - [select for diffs], Wed Apr 25 07:10:39 2018 UTC (6 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored)
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
Revision 1.98 / (download) - annotate - [select for diffs], Sat Mar 17 14:40:45 2018 UTC (6 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.97: +99 -1 lines
Diff to previous 1.97 (colored)
Provide SSL_CIPHER_get_auth_nid(), SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_is_aead().
Revision 1.97 / (download) - annotate - [select for diffs], Mon Aug 28 16:37:04 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.96: +2 -12 lines
Diff to previous 1.96 (colored)
Remove the original (pre-IETF) chacha20-poly1305 cipher suites. Support for the IETF standardised chacha20-poly1305 cipher suites was added 16 months ago, which means they exist in both of the currently supported OpenBSD releases. Also prompted by Andreas Bartelt <obsd at bartula dot de>. ok beck@ doug@
Revision 1.96 / (download) - annotate - [select for diffs], Fri Mar 10 16:03:27 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.95: +1 -21 lines
Diff to previous 1.95 (colored)
Remove the handshake digests and related code, replacing remaining uses with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
Revision 1.95 / (download) - annotate - [select for diffs], Sun Mar 5 14:39:53 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.94: +29 -1 lines
Diff to previous 1.94 (colored)
Provide a rolling handshake hash that commences as soon as the cipher suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
Revision 1.94 / (download) - annotate - [select for diffs], Tue Feb 21 15:28:27 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.93: +4 -22 lines
Diff to previous 1.93 (colored)
Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suites that make use of it. ok bcook@ inoguchi@
Revision 1.93 / (download) - annotate - [select for diffs], Tue Feb 7 02:08:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.92: +6 -6 lines
Diff to previous 1.92 (colored)
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Revision 1.92 / (download) - annotate - [select for diffs], Thu Jan 26 12:16:13 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.91: +3 -5 lines
Diff to previous 1.91 (colored)
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
Revision 1.91 / (download) - annotate - [select for diffs], Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.90: +6 -6 lines
Diff to previous 1.90 (colored)
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
Revision 1.90 / (download) - annotate - [select for diffs], Tue Jan 24 01:44:00 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.89: +3 -5 lines
Diff to previous 1.89 (colored)
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
Revision 1.89 / (download) - annotate - [select for diffs], Sun Nov 6 12:08:32 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.88: +1 -6 lines
Diff to previous 1.88 (colored)
Remove the single IDEA cipher suite. There is no good reason to support this. ok beck@ bcook@
Revision 1.88 / (download) - annotate - [select for diffs], Sun Nov 6 11:58:13 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.87: +1 -3 lines
Diff to previous 1.87 (colored)
unifdef -m -UOPENSSL_NO_CHACHA -UOPENSSL_NO_POLY1305 ok beck@
Revision 1.87 / (download) - annotate - [select for diffs], Wed Oct 19 16:38:40 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.86: +2 -30 lines
Diff to previous 1.86 (colored)
Remove support for fixed ECDH cipher suites - these is not widely supported and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
Revision 1.86 / (download) - annotate - [select for diffs], Thu Apr 28 16:39:45 2016 UTC (8 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.85: +16 -6 lines
Diff to previous 1.85 (colored)
Implement the IETF ChaCha20-Poly1305 cipher suites. Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@
Revision 1.85 / (download) - annotate - [select for diffs], Thu Apr 28 16:06:53 2016 UTC (8 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)
Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old() and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
Revision 1.84 / (download) - annotate - [select for diffs], Sat Dec 12 22:04:10 2015 UTC (8 years, 6 months ago) by mmcc
Branch: MAIN
Changes since 1.83: +2 -2 lines
Diff to previous 1.83 (colored)
decipher comment. ok bcook@
Revision 1.83 / (download) - annotate - [select for diffs], Sun Sep 13 12:34:02 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)
Switch to miod's shiny new OPENSSL_cpu_caps() and we can now also enable the AES acceleration checking for i386. ok beck@ miod@
Revision 1.82 / (download) - annotate - [select for diffs], Sun Sep 13 09:10:01 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.81: +30 -7 lines
Diff to previous 1.81 (colored)
If we have hardware acceleration for AES, prefer AES as a symmetric cipher over CHACHA20. Otherwise, prefer CHACHA20 with AES second. ok beck@ miod@
Revision 1.81 / (download) - annotate - [select for diffs], Sat Feb 7 04:17:11 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.80: +19 -1 lines
Diff to previous 1.80 (colored)
Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher. Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers. ok beck@ miod@
Revision 1.80 / (download) - annotate - [select for diffs], Mon Jan 26 13:06:39 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.79: +5 -1 lines
Diff to previous 1.79 (colored)
Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers (effectively the only ciphers that are still considered to be secure) to be selected using TLSv1.2+AEAD as a cipher string. ok bcook@ doug@ miod@
Revision 1.79 / (download) - annotate - [select for diffs], Sun Dec 14 15:30:50 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.78: +20 -20 lines
Diff to previous 1.78 (colored)
Remove trailing whitespace.
Revision 1.78 / (download) - annotate - [select for diffs], Wed Dec 10 15:36:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.77: +4 -13 lines
Diff to previous 1.77 (colored)
Remove support for GOST R 34.10-94 signature authentication, along with the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
Revision 1.77 / (download) - annotate - [select for diffs], Sun Dec 7 12:13:06 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.76: +8 -46 lines
Diff to previous 1.76 (colored)
Remove get_optional_pkey_id() - it is a hack that existed due to GOST only sometimes being available... and when it was available it was via the crypto engine. GOST is now part of libcrypto proper. Instead of trying to do EVP PKEY lookups via string literals and the ASN1 interfaces, lookup the methods directly using the appropriate NID. ok bcook@
Revision 1.76 / (download) - annotate - [select for diffs], Sat Dec 6 15:27:45 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.75: +2 -5 lines
Diff to previous 1.75 (colored)
Remove now bogus comment that got missed in the GOST commit.
Revision 1.75 / (download) - annotate - [select for diffs], Sat Dec 6 15:25:40 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.74: +63 -63 lines
Diff to previous 1.74 (colored)
Fix some horrible style(9) violations...
Revision 1.74 / (download) - annotate - [select for diffs], Tue Nov 18 05:33:43 2014 UTC (9 years, 6 months ago) by miod
Branch: MAIN
Changes since 1.73: +60 -10 lines
Diff to previous 1.73 (colored)
Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov. This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
Revision 1.73 / (download) - annotate - [select for diffs], Sun Nov 16 14:12:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.72: +4 -1 lines
Diff to previous 1.72 (colored)
Sort and group includes.
Revision 1.72 / (download) - annotate - [select for diffs], Sat Nov 8 15:21:02 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.71: +5 -17 lines
Diff to previous 1.71 (colored)
Clean up more SSLv2 remnants.
Revision 1.71 / (download) - annotate - [select for diffs], Sun Nov 2 10:42:38 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.70: +12 -40 lines
Diff to previous 1.70 (colored)
Remove remnants from RC2 and SEED - there are no longer any cipher suites that use these algorithms (and SEED was removed from libcrypto some time ago). ok doug@
Revision 1.70 / (download) - annotate - [select for diffs], Wed Oct 15 13:57:21 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.69: +11 -1 lines
Diff to previous 1.69 (colored)
Add cipher aliases for DHE (the correct name for EDH) and ECDHE (the correct name for EECDH). The EDH and EECDH aliases remain for backwards compatibility.
Revision 1.69 / (download) - annotate - [select for diffs], Fri Oct 3 06:02:38 2014 UTC (9 years, 8 months ago) by doug
Branch: MAIN
Changes since 1.68: +3 -3 lines
Diff to previous 1.68 (colored)
Use string literals in printf style calls so gcc's -Wformat works. ok tedu@, miod@
Revision 1.68 / (download) - annotate - [select for diffs], Fri Sep 19 16:02:35 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.67: +5 -1 lines
Diff to previous 1.67 (colored)
Add CHACHA20 as a cipher symmetric encryption alias. From Ming <gzchenym at 126.com>
Revision 1.67 / (download) - annotate - [select for diffs], Sun Sep 7 12:16:23 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.66: +9 -39 lines
Diff to previous 1.66 (colored)
Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them, nor do we plan on supporting them. ok guenther@
Revision 1.66 / (download) - annotate - [select for diffs], Sat Jul 12 22:33:39 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.65: +14 -14 lines
Diff to previous 1.65 (colored)
The correct name for EDH is DHE, likewise EECDH should be ECDHE. Based on changes to OpenSSL trunk. ok beck@ miod@
Revision 1.65 / (download) - annotate - [select for diffs], Sat Jul 12 13:11:53 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.64: +3 -59 lines
Diff to previous 1.64 (colored)
Remove remnants from PSK, KRB5 and SRP. ok beck@ miod@
Revision 1.64 / (download) - annotate - [select for diffs], Sat Jul 12 07:52:36 2014 UTC (9 years, 11 months ago) by guenther
Branch: MAIN
Changes since 1.63: +9 -9 lines
Diff to previous 1.63 (colored)
Make disabling last cipher work. From Thijs Alkemade via OpenSSL trunk ok miod@
Revision 1.63 / (download) - annotate - [select for diffs], Fri Jul 11 09:24:44 2014 UTC (9 years, 11 months ago) by beck
Branch: MAIN
Changes since 1.62: +1 -3 lines
Diff to previous 1.62 (colored)
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
Revision 1.62 / (download) - annotate - [select for diffs], Thu Jul 10 11:58:08 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.61: +1 -5 lines
Diff to previous 1.61 (colored)
Remove more compression tendrils. ok tedu@
Revision 1.61 / (download) - annotate - [select for diffs], Thu Jul 10 10:09:54 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.60: +1 -10 lines
Diff to previous 1.60 (colored)
Remove more compression related code.
Revision 1.60 / (download) - annotate - [select for diffs], Thu Jul 10 09:26:08 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.59: +19 -1 lines
Diff to previous 1.59 (colored)
Put back some parts of the public SSL API that should not have been completely decompressed.
Revision 1.59 / (download) - annotate - [select for diffs], Thu Jul 10 08:51:15 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.58: +2 -173 lines
Diff to previous 1.58 (colored)
decompress libssl. ok beck jsing
Revision 1.58 / (download) - annotate - [select for diffs], Wed Jul 9 14:20:55 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.57: +54 -54 lines
Diff to previous 1.57 (colored)
Clean up and simplify SSL_CIPHER_description by always using asprintf. If a buffer was supplied then we copy the result into it. Also make the failure case return values match the documentation. Joint work with beck@
Revision 1.57 / (download) - annotate - [select for diffs], Wed Jul 9 11:25:42 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.56: +11 -53 lines
Diff to previous 1.56 (colored)
tedu the SSL export cipher handling - since we do not have enabled export ciphers we no longer need the flags or code to support it. ok beck@ miod@
Revision 1.56 / (download) - annotate - [select for diffs], Tue Jul 8 21:50:40 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.55: +1 -8 lines
Diff to previous 1.55 (colored)
Remove SSL_FIPS. ok deraadt@ miod@
Revision 1.55 / (download) - annotate - [select for diffs], Wed Jun 18 04:48:37 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.54: +11 -11 lines
Diff to previous 1.54 (colored)
Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description() when no storage buffer is passed. ok deraadt@ tedu@
Revision 1.54 / (download) - annotate - [select for diffs], Wed Jun 18 04:47:32 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)
In SSL_COMP_add_compression_method(), make sure error cases actually return `error' rather than `success'. ok deraadt@
Revision 1.53 / (download) - annotate - [select for diffs], Fri Jun 13 13:28:53 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.52: +14 -2 lines
Diff to previous 1.52 (colored)
Add ChaCha20-Poly1305 based ciphersuites. Based on Adam Langley's chromium patches. Tested by and ok sthen@
Revision 1.52 / (download) - annotate - [select for diffs], Thu Jun 12 15:49:31 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.51: +1 -1 lines
Diff to previous 1.51 (colored)
tags as requested by miod and tedu
Revision 1.51 / (download) - annotate - [select for diffs], Sun Jun 8 16:24:49 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.50: +38 -0 lines
Diff to previous 1.50 (colored)
Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher as using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of ssl_cipher_get_evp().
Revision 1.50 / (download) - annotate - [select for diffs], Sun Jun 1 01:46:13 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.49: +332 -92 lines
Diff to previous 1.49 (colored)
Use C99 initialisers for cipher_aliases. This improves readability, removes the need for zero values to be specified (meaning that we usually specify two fields instead of 12), makes the field names grepable and protects from future field reordering/removal. ok beck@ miod@
Revision 1.49 / (download) - annotate - [select for diffs], Fri May 30 14:31:03 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.48: +73 -56 lines
Diff to previous 1.48 (colored)
More KNF.
Revision 1.48 / (download) - annotate - [select for diffs], Thu May 29 18:11:13 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.47: +0 -11 lines
Diff to previous 1.47 (colored)
unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them. ok deraadt jsing
Revision 1.47 / (download) - annotate - [select for diffs], Thu May 29 17:13:48 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.46: +1 -1 lines
Diff to previous 1.46 (colored)
repair KNF indent
Revision 1.46 / (download) - annotate - [select for diffs], Tue May 27 13:44:06 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.45: +8 -4 lines
Diff to previous 1.45 (colored)
Wrap some long lines.
Revision 1.45 / (download) - annotate - [select for diffs], Tue May 27 13:36:27 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.44: +0 -4 lines
Diff to previous 1.44 (colored)
Remove MemCheck_{on,off} that escaped last time around.
Revision 1.44 / (download) - annotate - [select for diffs], Tue May 27 13:11:56 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)
More KNF.
Revision 1.43 / (download) - annotate - [select for diffs], Mon May 26 20:20:51 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.42: +4 -0 lines
Diff to previous 1.42 (colored)
Unchecked malloc() return value in SSL_COMP_add_compression_method(), in the !OPENSSL_NO_COMP case. Does not affect OpenBSD as we compile the opposite code path.
Revision 1.42 / (download) - annotate - [select for diffs], Sun May 25 16:23:10 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.41: +0 -13 lines
Diff to previous 1.41 (colored)
Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
Revision 1.41 / (download) - annotate - [select for diffs], Sun May 25 13:32:51 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.40: +0 -2 lines
Diff to previous 1.40 (colored)
Turn off MemCheck_on and MemCheck_off. These calls are pointless since the crypto memory debugging code has been castrated. ok miod@ "kill it" beck@
Revision 1.40 / (download) - annotate - [select for diffs], Sun May 25 13:27:38 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.39: +32 -22 lines
Diff to previous 1.39 (colored)
The ssl_ciper_get_evp() function is currently overloaded to also return the compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
Revision 1.39 / (download) - annotate - [select for diffs], Sat May 24 19:27:48 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)
In ssl_cipher_get_evp(), fix off-by-one in index validation before accessing arrays. "kind of scary" deraadt@, ok guenther@
Revision 1.38 / (download) - annotate - [select for diffs], Tue May 20 16:59:05 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.37: +0 -14 lines
Diff to previous 1.37 (colored)
KSSL is dead... nuke KSSL_DEBUG from orbit. ok beck@ miod@
Revision 1.37 / (download) - annotate - [select for diffs], Mon May 5 15:03:22 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.36: +0 -4 lines
Diff to previous 1.36 (colored)
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
Revision 1.36 / (download) - annotate - [select for diffs], Tue Apr 22 14:27:25 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)
switch to reallocarray
Revision 1.35 / (download) - annotate - [select for diffs], Mon Apr 21 16:48:59 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)
use mallocarray(a,b) instead of malloc(a*b)
Revision 1.34 / (download) - annotate - [select for diffs], Mon Apr 21 16:34:43 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)
more malloc/realloc/calloc cleanups; ok beck kettenis
Revision 1.33 / (download) - annotate - [select for diffs], Sun Apr 20 10:31:43 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.32: +1 -2 lines
Diff to previous 1.32 (colored)
Use calloc(a,b) instead of malloc(a*b) + memset(a*b). I don't know if this instance is integer-overflowable, but we cannot keep hand-auditing every instance (or apathetically ignoring these issues) when the simple calloc idiom is better in the presence of a good calloc(). It is simply unfeasible to always enter correct range checks before the aggregate size calculation, just go find some 4000 lines of code, REPAIR THEM ALL, then come back and tell me I am wrong. This only works on systems where calloc() does the integer overflow check, but if your system doesn't do this, you need to ask your vendor WHY THEY ARE 10 YEARS BEHIND IN BEST PRACTICE? This is the kind of problem that needs to be solved at the right layer. malloc integer-overflow was implicated in the 2002 OpenSSH hole. OpenSSH and much other code is now written to use calloc(), for instance OpenSSH has 103 calls to it. We feel safer with our use of calloc(). It is a natural approach for us to use calloc(). How safe do you feel on systems which lack that range check in their calloc()? Good writeup from 2006: http://undeadly.org/cgi?action=article&sid=20060330071917
Revision 1.32 / (download) - annotate - [select for diffs], Sat Apr 19 08:52:32 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.31: +18 -18 lines
Diff to previous 1.31 (colored)
More KNF and style consistency tweaks
Revision 1.31 / (download) - annotate - [select for diffs], Thu Apr 17 21:37:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.30: +0 -7 lines
Diff to previous 1.30 (colored)
always build in RSA and DSA. ok deraadt miod
Revision 1.30 / (download) - annotate - [select for diffs], Thu Apr 17 13:37:50 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.29: +17 -17 lines
Diff to previous 1.29 (colored)
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
Revision 1.29 / (download) - annotate - [select for diffs], Wed Apr 16 20:39:09 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.28: +2 -0 lines
Diff to previous 1.28 (colored)
add back SRP. i was being too greedy.
Revision 1.28 / (download) - annotate - [select for diffs], Wed Apr 16 17:59:16 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.27: +0 -2 lines
Diff to previous 1.27 (colored)
disentangle SRP code from TLS
Revision 1.27 / (download) - annotate - [select for diffs], Tue Apr 15 20:23:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.26: +44 -50 lines
Diff to previous 1.26 (colored)
repair some whitespace
Revision 1.26 / (download) - annotate - [select for diffs], Tue Apr 15 19:42:56 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.25: +1 -14 lines
Diff to previous 1.25 (colored)
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok miod
Revision 1.25 / (download) - annotate - [select for diffs], Tue Apr 15 17:46:17 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.24: +0 -4 lines
Diff to previous 1.24 (colored)
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
Revision 1.24 / (download) - annotate - [select for diffs], Mon Apr 14 18:53:14 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.23: +7 -4 lines
Diff to previous 1.23 (colored)
Flense all use of BIO_snprintf from ssl source - use the real one instead, and allow for the normal posix mandated return values instead of the nonstandard one from BIO_snprintf. ok miod@
Revision 1.23 / (download) - annotate - [select for diffs], Mon Apr 14 13:10:35 2014 UTC (10 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.22: +680 -713 lines
Diff to previous 1.22 (colored)
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
Revision 1.22 / (download) - annotate - [select for diffs], Sun Apr 13 15:25:34 2014 UTC (10 years, 2 months ago) by miod
Branch: MAIN
Changes since 1.21: +3 -2 lines
Diff to previous 1.21 (colored)
Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
Revision 1.1.1.15 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 2 months ago) by miod
Changes since 1.1.1.14: +3 -2 lines
Diff to previous 1.1.1.14 (colored)
Import OpenSSL 1.0.1g
Revision 1.21 / (download) - annotate - [select for diffs], Sat Oct 13 21:25:14 2012 UTC (11 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.20: +119 -14 lines
Diff to previous 1.20 (colored)
resolve conflicts
Revision 1.1.1.14 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 13 21:23:50 2012 UTC (11 years, 8 months ago) by djm
Changes since 1.1.1.13: +119 -14 lines
Diff to previous 1.1.1.13 (colored)
import OpenSSL-1.0.1c
Revision 1.20 / (download) - annotate - [select for diffs], Thu Jan 5 23:01:39 2012 UTC (12 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.19: +1 -0 lines
Diff to previous 1.19 (colored)
OpenSSL 1.0.0f: merge
Revision 1.1.1.13 / (download) - annotate - [select for diffs] (vendor branch), Thu Jan 5 22:59:09 2012 UTC (12 years, 5 months ago) by djm
Changes since 1.1.1.12: +1 -0 lines
Diff to previous 1.1.1.12 (colored)
OpenSSL 1.0.0f: import upstream source
Revision 1.19 / (download) - annotate - [select for diffs], Thu Nov 3 02:34:33 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.18: +2 -4 lines
Diff to previous 1.18 (colored)
openssl-1.0.0e: resolve conflicts
Revision 1.1.1.12 / (download) - annotate - [select for diffs] (vendor branch), Thu Nov 3 02:32:21 2011 UTC (12 years, 7 months ago) by djm
Changes since 1.1.1.11: +2 -4 lines
Diff to previous 1.1.1.11 (colored)
import OpenSSL 1.0.0e
Revision 1.18 / (download) - annotate - [select for diffs], Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.17: +691 -330 lines
Diff to previous 1.17 (colored)
resolve conflicts, fix local changes
Revision 1.1.1.11 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.10: +689 -328 lines
Diff to previous 1.1.1.10 (colored)
import OpenSSL-1.0.0a
Revision 1.17 / (download) - annotate - [select for diffs], Mon Apr 6 06:33:20 2009 UTC (15 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.16: +1 -1 lines
Diff to previous 1.16 (colored)
resolve conflicts
Revision 1.1.1.10 / (download) - annotate - [select for diffs] (vendor branch), Mon Apr 6 06:30:07 2009 UTC (15 years, 2 months ago) by djm
Changes since 1.1.1.9: +1 -1 lines
Diff to previous 1.1.1.9 (colored)
import of OpenSSL 0.9.8k
Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 9 12:15:52 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.15: +3 -0 lines
Diff to previous 1.15 (colored)
resolve conflicts
Revision 1.1.1.9 / (download) - annotate - [select for diffs] (vendor branch), Fri Jan 9 12:14:07 2009 UTC (15 years, 5 months ago) by djm
Changes since 1.1.1.8: +13 -0 lines
Diff to previous 1.1.1.8 (colored)
import openssl-0.9.8j
Revision 1.15 / (download) - annotate - [select for diffs], Mon Jan 5 21:36:39 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.14: +10 -0 lines
Diff to previous 1.14 (colored)
update to openssl-0.9.8i; tested by several, especially krw@
Revision 1.14 / (download) - annotate - [select for diffs], Sat Sep 6 12:17:53 2008 UTC (15 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.13: +307 -72 lines
Diff to previous 1.13 (colored)
resolve conflicts
Revision 1.1.1.8 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Changes since 1.1.1.7: +307 -72 lines
Diff to previous 1.1.1.7 (colored)
import of OpenSSL 0.9.8h
Revision 1.13 / (download) - annotate - [select for diffs], Tue Jun 27 05:07:03 2006 UTC (17 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.12: +23 -41 lines
Diff to previous 1.12 (colored)
resolve conflicts
Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Tue Jun 27 05:05:39 2006 UTC (17 years, 11 months ago) by djm
Changes since 1.1.1.6: +23 -41 lines
Diff to previous 1.1.1.6 (colored)
import of openssl-0.9.7j
Revision 1.12 / (download) - annotate - [select for diffs], Fri Apr 29 05:39:31 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.11: +16 -5 lines
Diff to previous 1.11 (colored)
resolve conflicts
Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Fri Apr 29 05:37:28 2005 UTC (19 years, 1 month ago) by djm
Changes since 1.1.1.5: +16 -5 lines
Diff to previous 1.1.1.5 (colored)
import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@
Revision 1.11 / (download) - annotate - [select for diffs], Thu Apr 8 08:03:15 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.10: +40 -39 lines
Diff to previous 1.10 (colored)
merge 0.9.7d
Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Wed Apr 7 20:42:07 2004 UTC (20 years, 2 months ago) by markus
Changes since 1.1.1.4: +46 -39 lines
Diff to previous 1.1.1.4 (colored)
import openssl-0.9.7d
Revision 1.10 / (download) - annotate - [select for diffs], Wed Oct 1 05:52:45 2003 UTC (20 years, 8 months ago) by cloder
Branch: MAIN
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)
Correct some off-by-ones. They currently don't matter, but this is for future safety and consistency. OK krw@, markus@
Revision 1.9 / (download) - annotate - [select for diffs], Mon May 12 02:18:40 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.8: +10 -4 lines
Diff to previous 1.8 (colored)
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Sun May 11 21:36:42 2003 UTC (21 years, 1 month ago) by markus
Changes since 1.1.1.3: +10 -4 lines
Diff to previous 1.1.1.3 (colored)
import 0.9.7b (without idea and rc5)
Revision 1.8 / (download) - annotate - [select for diffs], Tue Sep 10 16:31:57 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.7: +8 -7 lines
Diff to previous 1.7 (colored)
merge openssl-0.9.7-beta3, tested on vax by miod@
Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 22:44:27 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.2: +8 -7 lines
Diff to previous 1.1.1.2 (colored)
import openssl-0.9.7-beta3
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 12:51:40 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.1: +717 -343 lines
Diff to previous 1.1.1.1 (colored)
import openssl-0.9.7-beta1
Revision 1.7 / (download) - annotate - [select for diffs], Fri Jun 7 19:55:34 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.6: +6 -0 lines
Diff to previous 1.6 (colored)
do not propose IDEA cipher on SSL connection. tested by beck noticed by Sverre Froyen <sverre@viewmark.com>
Revision 1.6 / (download) - annotate - [select for diffs], Wed May 15 02:29:20 2002 UTC (22 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.5: +69 -8 lines
Diff to previous 1.5 (colored)
OpenSSL 0.9.7 stable 2002 05 08 merge
Revision 1.5 / (download) - annotate - [select for diffs], Fri Dec 15 02:58:40 2000 UTC (23 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.4: +17 -15 lines
Diff to previous 1.4 (colored)
openssl-engine-0.9.6 merge
Revision 1.4 / (download) - annotate - [select for diffs], Sat Apr 15 06:18:50 2000 UTC (24 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.3: +39 -38 lines
Diff to previous 1.3 (colored)
OpenSSL 0.9.5a merge
Revision 1.3 / (download) - annotate - [select for diffs], Sun Mar 19 11:13:32 2000 UTC (24 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.2: +538 -305 lines
Diff to previous 1.2 (colored)
OpenSSL 0.9.5 merge *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 29 04:37:29 1999 UTC (24 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.1: +135 -58 lines
Diff to previous 1.1 (colored)
OpenSSL 0.9.4 merge
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Oct 5 20:13:13 1998 UTC (25 years, 8 months ago) by ryker
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Revision 1.1 / (download) - annotate - [select for diffs], Mon Oct 5 20:13:13 1998 UTC (25 years, 8 months ago) by ryker
Branch: MAIN
Initial revision