Age | Commit message | Author | |
---|---|---|---|
2014-06-12 | tags as requested by miod and tedu | Theo de Raadt | |
2014-06-11 | Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored since | Joel Sing | |
OpenSSL 1.0.0. ok miod@ (a little while back) | |||
2014-06-07 | http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158 | Theo de Raadt | |
Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen | |||
2014-06-07 | The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all have | Joel Sing | |
implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them. | |||
2014-06-05 | Ensure that sess_cert is not NULL before trying to use it. | Joel Sing | |
Fixes CVE-2014-3470, from OpenSSL. ok deraadt@ | |||
2014-06-05 | ssl_sess_cert_new() can return NULL. Fix two cases where the return value | Joel Sing | |
is unchecked, which would result in a later null pointer dereference. While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL checks, so avoid repeating them here. ok beck@ | |||
2014-06-05 | Be selective as to when ChangeCipherSpec messages will be accepted. | Joel Sing | |
Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@ | |||
2014-06-05 | More KNF. | Joel Sing | |
2014-06-04 | without overthinking it, replace a few memcmp calls with CRYPTO_memcmp | Ted Unangst | |
where it is feasible to do so. better safe than sorry. | |||
2014-05-31 | More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup. | Joel Sing | |
2014-05-31 | TLS would not be entirely functional without extensions, so unifdef | Joel Sing | |
OPENSSL_NO_TLSEXT. ok tedu@ | |||
2014-05-30 | remove some #if 0 code. we don't need any more reminders that we're using | Ted Unangst | |
a not quite appropriate data structure. ok jsing | |||
2014-05-30 | Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and | Joel Sing | |
SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head. | |||
2014-05-29 | no space before label | Ted Unangst | |
2014-05-29 | line up else better | Ted Unangst | |
2014-05-29 | unifdef DH, ECDH, and ECDSA. there's no purpose to a libssl without them. | Ted Unangst | |
ok deraadt jsing | |||
2014-05-28 | EVP_MD_CTX_create() calls malloc and can return NULL. However, only one of | Joel Sing | |
the calls in libssl actually checks the return value before using it. Add NULL checks for the remaining three calls. ok miod@ | |||
2014-05-28 | There is no point in checking if a pointer is non-NULL before calling free, | Joel Sing | |
since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@ | |||
2014-05-25 | Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of | Joel Sing | |
this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@ | |||
2014-05-24 | DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far more | Joel Sing | |
readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...) | |||
2014-05-22 | Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now. | Joel Sing | |
ok beck@ miod@ | |||
2014-05-20 | KSSL is dead... nuke KSSL_DEBUG from orbit. | Joel Sing | |
ok beck@ miod@ | |||
2014-05-05 | Remove SRP and Kerberos support from libssl. These are complex protocols | Ted Unangst | |
all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected. | |||
2014-04-24 | Fix indentation. | Ryan Thomas McBride | |
2014-04-24 | Make it compile again. | Joel Sing | |
2014-04-24 | More KNF, things that couldn't be verified with md5(1), and some whitespace | Ryan Thomas McBride | |
I missed on the first go around. | |||
2014-04-24 | KNF | Ryan Thomas McBride | |
2014-04-24 | remove redundant assign. from David Hill | Ted Unangst | |
2014-04-23 | Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover | Miod Vallat | |
``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@ | |||
2014-04-21 | more malloc/realloc/calloc cleanups; ok beck kettenis | Theo de Raadt | |
2014-04-19 | More KNF and style consistency tweaks | Philip Guenther | |
2014-04-17 | whack a bunch of disabled code. ok beck lteo | Ted Unangst | |
2014-04-17 | no longer need to fool emacs indentation and other if (0) oddities. | Ted Unangst | |
2014-04-17 | always build in RSA and DSA. ok deraadt miod | Ted Unangst | |
2014-04-17 | quick pass at removing ability to disable sha256 and sha512. ok miod | Ted Unangst | |
2014-04-17 | Change library to use intrinsic memory allocation functions instead of | Bob Beck | |
OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc, OPENSSL_free->free, OPENSSL_realloc->realloc, OPENSSL_freeFunc->free | |||
2014-04-16 | add back SRP. i was being too greedy. | Ted Unangst | |
2014-04-16 | disentangle SRP code from TLS | Ted Unangst | |
2014-04-15 | remove FIPS mode support. people who require FIPS can buy something that | Ted Unangst | |
meets their needs, but dumping it in here only penalizes the rest of us. ok miod | |||
2014-04-14 | make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod | Ted Unangst | |
2014-04-14 | So the OpenSSL codebase does "get the time, add it as a random seed" | Theo de Raadt | |
in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their motto is "If you can't solve a problem, at least try to do it badly". ok miod | |||
2014-04-14 | First pass at applying KNF to the OpenSSL code, which almost makes it | Joel Sing | |
readable. This pass is whitespace only and can readily be verified using tr and md5. | |||
2014-04-13 | Do not include "e_os.h" anymore. Simply pull in the necessary headers. | Martin Pieuchot | |
ok miod@, deraadt@ | |||
2014-04-13 | Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery. | Miod Vallat | |
2012-10-13 | resolve conflicts | Damien Miller | |
2012-01-05 | OpenSSL 1.0.0f: merge | Damien Miller | |
2011-11-03 | openssl-1.0.0e: resolve conflicts | Damien Miller | |
2010-12-15 | Security fix for CVE-2010-4180 as mentioned in | Jasper Lievisse Adriaanse | |
http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@ | |||
2010-10-01 | resolve conflicts, fix local changes | Damien Miller | |
2009-01-09 | resolve conflicts | Damien Miller | |