OpenBSD CVS

CVS log for src/lib/libssl/ssl_rsa.c




Default branch: MAIN


Revision 1.51, Sat Dec 30 06:25:56 2023 UTC (5 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.50: +25 -17 lines

Fix two more unchecked EVP_PKEY_assign() calls

In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to
EVP_PKEY_set1_RSA() and hold on to the reference of the pkey for
the duration of ssl_set_pkey(). Use single exit and other minor style
cleanups.

ok joshua jsing

Revision 1.50, Sat Jul 8 16:40:13 2023 UTC (11 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.49: +22 -1 lines

Hide all public symbols in libssl

With the guentherizer 9000

ok tb@

Revision 1.49, Sat Nov 26 16:08:56 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.48: +2 -2 lines

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.48, Wed Aug 31 20:49:37 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.47: +12 -4 lines

Recommit -r1.45 but without error checking EVP_PKEY_copy_parameters()

EVP_PKEY_copy_parameters() will unconditionally fail if the pkey's ameth
has no copy_params(). Obviously this is indistinguishable from actual
failure...

ok jsing

Revision 1.47, Wed Aug 31 20:20:53 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.46: +4 -8 lines

Revert r1.46. Causes fireworks in regress.

Revision 1.46, Wed Aug 31 06:51:36 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.45: +9 -5 lines

Avoid potential NULL dereference in ssl_set_pkey()

Switch from X509_get_pubkey() to X509_get0_pubkey() to avoid an unnecessary
EVP_PKEY_free(). Check the return values of X509_get0_pubkey() and
EVP_PKEY_copy_parameters(). If the former returns NULL, the latter will
dereference NULL.

CID 25020

ok jsing

Revision 1.45, Thu Jun 30 09:08:35 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.44: +10 -9 lines

Rename use_* to ssl_use_* for consistency.

discussed with jsing

Revision 1.44, Wed Jun 29 21:18:04 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.43: +2 -6 lines

Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx

ok beck jsing

Revision 1.43, Wed Jun 29 21:17:22 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.42: +2 -2 lines

ssl_cert_set{0,1}_chain() take ssl/ctx

ok beck jsing

Revision 1.42, Wed Jun 29 21:16:30 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.41: +7 -1 lines

Add a security check to ssl_set_cert()

ok beck jsing

Revision 1.41, Wed Jun 29 21:13:34 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.40: +20 -12 lines

Make ssl_set_{cert,pkey} take an ssl/ctx

ok beck jsing

Revision 1.40, Wed Jun 29 21:12:19 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.39: +33 -19 lines

Refactor use_certificate_chain_* to take ssl/ctx instead of a cert

ok beck jsing

Revision 1.39, Thu Feb 3 16:33:12 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.38: +3 -3 lines

Cleanup/simplify ssl_cert_type()

Remove the X509 argument as it is unused - this was passed so that
ssl_cert_type() can get the public key from the X509 object if the
EVP_PKEY argument is NULL, however this is never the case.

ok tb@

Revision 1.38, Sat Jan 8 12:43:44 2022 UTC (2 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.37: +9 -9 lines

Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY.

Nearly all structs in libssl start with an SSL_ suffix, rename CERT and
CERT_PKEY for consistency.

ok inoguchi@ tb@

Revision 1.37, Mon Nov 29 18:36:27 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.36: +8 -8 lines

Stop using BIO_s_file_internal() in libssl.

BIO_s_file_internal() should never have leaked out of libcrypto,
but it did. As a first step of getting rid of it, stop using it
internally.

ok jsing

Revision 1.36, Fri Nov 26 16:40:02 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.35: +25 -27 lines

Simplify two weirdly formatted pieces of code in ssl_rsa.c and stop
reaching into the EVP_PKEY struct.

ok inoguchi jsing

Revision 1.35, Sat Oct 23 16:11:30 2021 UTC (2 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.34: +2 -2 lines

Unhandroll X509_up_ref()

ok beck jsing

Revision 1.34, Fri Jun 11 11:13:53 2021 UTC (3 years ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.33: +9 -9 lines

Indent all labels with a single space.

This ensures that diff reports the correct function prototype.

Prompted by tb@

Revision 1.33, Sun May 16 14:10:43 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.32: +3 -3 lines

Make local header inclusion consistent.

Consistently include local headers in the same location, using the same
grouping/sorting across all files.

Revision 1.32, Fri Mar 19 19:51:07 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.31: +36 -14 lines

Prepare to provide SSL_use_certificate_chain_file()

This is the same as SSL_CTX_use_certificate_chain_file() but for an
SSL object instead of an SSL_CTX object. remi found this in a recent
librelp update, so we need to provide it. The function will be exposed
in an upcoming library bump.

ok inoguchi on an earlier version, input/ok jsing

Revision 1.31, Mon Mar 25 16:46:48 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.30: +26 -46 lines

Rework ssl_ctx_use_certificate_chain_bio() to use the CERT_PKEY chain.

This means that any additional CA certificates end up on the per
certificate chain, rather than the single/shared extra_certs.

Also simplify this code and in particular, avoid setting the return value
to indicate success until we've actually succeeded.

ok beck@ tb@

Revision 1.30, Thu Nov 8 20:55:18 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.29: +1 -25 lines

Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.

ok beck@ tb@

Revision 1.29, Wed Apr 25 07:10:39 2018 UTC (6 years, 1 month ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.28: +8 -16 lines

OpenSSL started adding const to functions all over the place. Make all
our libssl functions match theirs wrt const, except for BIO_f_ssl(3)
which will be fixed in a later step.

this went through an i386 bulk by sthen
ok jsing

Revision 1.28, Tue Feb 7 02:08:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.27: +52 -52 lines

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Revision 1.27, Thu Jan 26 12:16:13 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.26: +3 -5 lines

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Revision 1.26, Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.25: +52 -52 lines

Send the error function codes to rot in the depths of hell where they belong
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

Revision 1.25, Tue Jan 24 14:57:31 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.24: +3 -5 lines

sk_pop_free() checks for NULL so do not bother doing it from the callers.

Revision 1.24, Mon Jan 23 22:34:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.23: +17 -17 lines

move default_passwd_cb and default_passwd_cb_userdata back into
the ssl_ctx from internal - these are used directly by python
and openvpn and a few other things - we have the set accessors
but the get accessors were added in 1.1 and these roll their
own caveat OPENSSL_VERSION chickenpluckery

Revision 1.23, Mon Jan 23 05:13:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.22: +7 -7 lines

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Revision 1.22, Mon Jan 23 04:15:28 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.21: +17 -17 lines

Move callback function pointers and argument pointers from SSL_CTX to
internal.

ok beck@

Revision 1.21, Fri Mar 11 07:08:45 2016 UTC (8 years, 3 months ago) by mmcc
Branch: MAIN
Changes since 1.20: +5 -9 lines

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

Revision 1.20, Fri Feb 6 01:37:11 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.19: +2 -2 lines

Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().

As discussed with beck@ jsing@ and others
OK beck@

Revision 1.19, Sun Dec 14 15:30:50 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.18: +7 -7 lines

Remove trailing whitespace.

Revision 1.18, Sun Nov 16 14:12:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.17: +5 -3 lines

Sort and group includes.

Revision 1.17, Sun Sep 28 14:45:48 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.16: +48 -16 lines

Add a new API function SSL_CTX_use_certificate_chain() that allows to
read the PEM-encoded certificate chain from memory instead of a file.
This idea is derived from an older implementation in relayd that was
needed to use the function with a privsep'ed process in a chroot.  Now
it is time to get it into LibreSSL to make the API more privsep-
friendly and to make it available for other programs and the ressl
library.

ok jsing@ miod@

Revision 1.16, Sat Jul 12 16:03:37 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.15: +2 -3 lines

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Revision 1.15, Sun Jun 22 19:09:37 2014 UTC (9 years, 11 months ago) by guenther
Branch: MAIN
Changes since 1.14: +44 -24 lines

KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() and
multiline comments

ok jsing@

Revision 1.14, Thu Jun 12 15:49:31 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.13: +1 -1 lines

tags as requested by miod and tedu

Revision 1.13, Sat Jun 7 14:35:31 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.12: +7 -14 lines

BIO_free has an implicit NULL check, so do not bother checking for NULL
before calling it.

Revision 1.12, Thu May 29 18:27:52 2014 UTC (10 years ago) by beck
Branch: MAIN
Changes since 1.11: +0 -14 lines

Any sane platform has stdio. Stop pretending we will ever use a platform
that does not.
"fire bomb" tedu@

Revision 1.11, Thu Apr 17 21:37:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.10: +0 -10 lines

always build in RSA and DSA. ok deraadt miod

Revision 1.10, Mon Apr 14 13:10:35 2014 UTC (10 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.9: +421 -471 lines

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

Revision 1.9, Sun Apr 13 15:25:34 2014 UTC (10 years, 2 months ago) by miod
Branch: MAIN
Changes since 1.8: +9 -5 lines

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

Revision 1.1.1.8 (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 2 months ago) by miod
Changes since 1.1.1.7: +9 -5 lines

Import OpenSSL 1.0.1g

Revision 1.8, Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.7: +1 -1 lines

resolve conflicts, fix local changes

Revision 1.1.1.7 (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.6: +1 -1 lines

import OpenSSL-1.0.0a

Revision 1.7, Sat Sep 6 12:17:54 2008 UTC (15 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.6: +37 -75 lines

resolve conflicts

Revision 1.1.1.6 (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Changes since 1.1.1.5: +37 -75 lines

import of OpenSSL 0.9.8h

Revision 1.6, Fri Apr 29 05:39:31 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.5: +1 -1 lines

resolve conflicts

Revision 1.1.1.5 (vendor branch), Fri Apr 29 05:37:28 2005 UTC (19 years, 1 month ago) by djm
Changes since 1.1.1.4: +1 -1 lines

import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@

Revision 1.5, Tue Nov 11 22:15:20 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.4: +3 -1 lines

merge 0.9.7c; minor bugfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

Revision 1.1.1.4 (vendor branch), Tue Nov 11 21:21:29 2003 UTC (20 years, 7 months ago) by markus
Changes since 1.1.1.3: +3 -1 lines

import 0.9.7c

Revision 1.4, Tue Sep 10 16:31:57 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.3: +1 -1 lines

merge openssl-0.9.7-beta3, tested on vax by miod@

Revision 1.1.1.3 (vendor branch), Thu Sep 5 22:44:35 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.2: +1 -1 lines

import openssl-0.9.7-beta3

Revision 1.1.1.2 (vendor branch), Thu Sep 5 12:51:42 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.1: +174 -190 lines

import openssl-0.9.7-beta1

Revision 1.3, Wed May 15 02:29:20 2002 UTC (22 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.2: +21 -21 lines

OpenSSL 0.9.7 stable 2002 05 08 merge

Revision 1.2, Wed Sep 29 04:37:30 1999 UTC (24 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.1: +158 -174 lines

OpenSSL 0.9.4 merge

Revision 1.1.1.1 (vendor branch), Mon Oct 5 20:13:11 1998 UTC (25 years, 8 months ago) by ryker
Changes since 1.1: +0 -0 lines

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

Revision 1.1, Mon Oct 5 20:13:11 1998 UTC (25 years, 8 months ago) by ryker
Branch: MAIN

Initial revision
