Default branch: MAIN
Revision 1.16, Sun May 19 07:12:50 2024 UTC (2 weeks ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.15: +1 -2 lines
remove prototypes with no matching function
feedback and ok tb@
Revision 1.15, Fri May 10 05:08:05 2024 UTC (3 weeks, 2 days ago) by tb
Branch: MAIN
Changes since 1.14: +1 -15 lines
Remove fixed nonce length information from algorithm2
This information has been part of tls12_key_block_generate() for a while now. It remained in this table because at that point SSL_CIPHER was still public. Nothing can access algorithm2 anymore from the outside, so this is dead weight.
ok jsing
Revision 1.14, Tue Mar 26 03:44:11 2024 UTC (2 months, 1 week ago) by beck
Branch: MAIN
Changes since 1.13: +4 -1 lines
Add an indicator that an extension has been processed.
ok jsing@
Revision 1.13, Sat Feb 3 15:58:34 2024 UTC (3 months, 4 weeks ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.12: +2 -18 lines
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for its removal from libcrypto with a future major bump
ok tb@
Revision 1.12, Fri Dec 29 12:24:33 2023 UTC (5 months ago) by tb
Branch: MAIN
Changes since 1.11: +1 -4 lines
Neuter the SSL_set_debug(3) API
The TLSv1.3 stack didn't support this in the first place, and in the legacy stack it only added some dubious BIO_flush(3) calls. The sleep call between SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has been a sleep call in the s_server since time immemorial, nota bene between calls to BIO_gets(3). Anyway. This can all go and what remains will go with the next major bump.
ok jsing
Revision 1.11, Wed Nov 29 13:39:34 2023 UTC (6 months ago) by tb
Branch: MAIN
Changes since 1.10: +1 -3 lines
Convert ssl3_cipher_by_id() to bsearch()
This was previously the only user of OBJ_bsearch_ssl_cipher_id(), which in turn is the one remaining user of OBJ_bsearch_() outside of libcrypto. OBJ_bsearch_() is OpenSSL's idiosyncratic reimplementation of ANSI C89's bsearch(). Since this used to be hidden behind macro insanity, the result was three inscrutable layers of comparison functions. It is much simpler and cleaner to use the standard API. Move all the code to s3_lib.c, since it's only used there. In a few further diffs, OBJ_bsearch_() will be removed from libcrypto. Unfortunately, we'll need to keep OBJ_bsearch_ex(), because it is exposed via sk_find_ex(), which is exposed by M2Crypto...
ok jsing
Revision 1.10, Wed Nov 29 13:29:34 2023 UTC (6 months ago) by tb
Branch: MAIN
Changes since 1.9: +2 -2 lines
Use a long for id in ssl3_get_cipher_by_id()
While the cipher id is effectively a 32-bit value, someone decided that it should be represented by a long in various internal structs, whose member is passed as id. So use a long because of this and also to make an upcoming diff simpler.
ok jsing
Revision 1.9, Sat Nov 25 12:05:08 2023 UTC (6 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.8: +1 -2 lines
Move ssl_cipher_id_cmp() next to its only caller
It was left alone and forlorn in the middle of other nonsense. Since there is only one caller (the OBJ_bsearch_ stupidity), it can be static and there is no need to prototype it in ssl_local.h.
Revision 1.8, Sun Nov 19 15:51:49 2023 UTC (6 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.7: +1 -7 lines
Unifdef OPENSSL_NO_ENGINE in libssl
As usual, a few manual fixes to avoid duplicate lines.
ok jsing
Revision 1.7, Thu Jul 6 07:56:32 2023 UTC (10 months, 4 weeks ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.6: +1 -13 lines
unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo
And remove the tendrils. This was useful for transition but we are now well past this.
Revision 1.6, Fri May 26 13:44:05 2023 UTC (12 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.5: +4 -2 lines
Move verified_chain from SSL to SSL_HANDSHAKE
This is a better version of the fix for the missing pointer invalidation but a bit larger, so errata got the minimal fix.
tested by jcs
ok jsing
Revision 1.5, Tue Apr 25 07:48:15 2023 UTC (13 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.4: +3 -1 lines
Unbreak tree: file missed in last commit
Reported by anton
Revision 1.4, Sun Apr 23 18:51:53 2023 UTC (13 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.3: +2 -1 lines
Randomize the order of TLS extensions
On creation of an SSL using SSL_new(), randomize the order in which the extensions will be sent. There are several constraints: the PSK extension must always come last. The order cannot be randomized on a per-message basis as the strict interpretation of the standard chosen in the CH hashing doesn't allow changing the order between first and second ClientHello. Another constraint is that the current code calls callbacks directly on parsing an extension, which means that the order callbacks are called depends on the order in which the peer sent the extensions. This results in breaking apache-httpd setups using virtual hosts with full randomization because virtual hosts don't work if the SNI is unknown at the time the ALPN callback is called. So for the time being, we ensure that SNI always precedes ALPN to avoid issues until this issue is fixed.
This is based on an idea by David Benjamin
https://boringssl-review.googlesource.com/c/boringssl/+/48045
Input & ok jsing
Revision 1.3, Mon Dec 26 07:31:44 2022 UTC (17 months, 1 week ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.2: +2 -2 lines
spelling fixes; from paul tagliamonte
ok tb
Revision 1.2, Sat Nov 26 17:23:18 2022 UTC (18 months ago) by tb
Branch: MAIN
Changes since 1.1: +2 -2 lines
Make header guards of internal headers consistent
Not all of them, only those that didn't leak into a public header... Yes.
Revision 1.1, Sat Nov 26 16:08:55 2022 UTC (18 months ago) by tb
Branch: MAIN
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook