src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-06-13	Add support for handling SSL_CIPHER_ALGORITHM2_AEAD ciphers, which are	Joel Sing
	those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers. Based on Adam Langley's chromium patches. Rides the recent libssl bump. Tested by sthen@
2014-06-13	Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.	Joel Sing
	Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
2014-06-13	Remove support for the `opaque PRF input' extension, which draft has expired	Miod Vallat
	7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
2014-06-12	tags as requested by miod and tedu	Theo de Raadt

2014-06-08	Factor out the part of tls1_change_cipher_state() that is specific to	Joel Sing
	switching cipher states using an EVP_CIPHER. This will facilitate the addition of cipher state changes for EVP_AEAD. No functional change. Based on Adam Langley's chromium patches.
2014-06-07	http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162e ↵	Theo de Raadt
	c30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
2014-05-31	ECDH and ECDSA will not work overly well if there is no EC, so unifdef	Joel Sing
	OPENSSL_NO_EC. ok tedu@
2014-05-31	TLS would not be entirely functional without extensions, so unifdef	Joel Sing
	OPENSSL_NO_TLSEXT. ok tedu@
2014-05-30	remove some #if 0 code. we don't need any more reminders that we're using	Ted Unangst
	a not quite appropriate data structure. ok jsing
2014-05-29	Everything sane has stdio, and FILE *. we don't need ifdefs for this.	Bob Beck
	ok to firebomb from tedu@
2014-05-29	remove back compat that was already disabled back in 1998.	Ted Unangst
	from Alexander Schrijver
2014-05-29	Any sane platform has stdio. Stop pretending we will ever use a platform	Bob Beck
	that does not. "fire bomb" tedu@
2014-05-29	unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.	Ted Unangst
	ok deraadt jsing
2014-05-25	The ssl_ciper_get_evp() function is currently overloaded to also return the	Joel Sing
	compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
2014-05-24	Include <openssl/opensslconf.h> - currently ssl.h is relying on it being	Joel Sing
	pulled in elsewhere, even though it is makes use of the OPENSSL_NO_* defines. While here, remove kssl.h since it is a no-op. ok beck@ miod@
2014-05-22	There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (an	Joel Sing
	empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@
2014-05-05	Remove SRP and Kerberos support from libssl. These are complex protocols	Ted Unangst
	all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
2014-05-02	Nuke OPENSSL_NO_SOCK since any half sane operating system has sockets.	Joel Sing
	ok beck@
2014-04-30	i suck at math. b - 8 = 3, not 4. detected by Antoine Pitrou. thanks.	Ted Unangst

2014-04-28	SSL_OP_ALL is supposed to be all options and workarounds that are safe,	Ted Unangst
	but disabling attack mitigations is not safe. 0.9.6d contained a workaround for an attack against CBC modes. 0.9.6e disabled it by default because "some" implementations couldn't handle empty fragments. 12 years have passed. Does anybody still care? Let's find out. ok miod
2014-04-28	Remove ending cplusplus guard followed by starting cplusplus guard; from	Miod Vallat
	Gebruiker Schoot.
2014-04-24	Bring back the SSL_OP_PKCS1_CHECK_* defines (defined to zero, as they already	Miod Vallat
	were), after stumbling upon code (mis)using them in the wild.
2014-04-23	Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover	Miod Vallat
	``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@
2014-04-20	Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.	Philip Guenther
	APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
2014-04-19	More KNF and style consistency tweaks	Philip Guenther

2014-04-17	always build in RSA and DSA. ok deraadt miod	Ted Unangst

2014-04-16	TANSTAAFL - delete the buf freelist code. if you need a better malloc, get	Ted Unangst
	a better malloc. ok beck deraadt
2014-04-16	add back SRP. i was being too greedy.	Ted Unangst

2014-04-16	disentangle SRP code from TLS	Ted Unangst

2014-04-15	remove ssl2 support even more completely.	Ted Unangst
	in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
2014-04-15	First pass at applying KNF to the OpenSSL code, which almost makes it	Joel Sing
	readable. This pass is whitespace only and can readily be verified using tr and md5. There is still a huge amount of inconsistency within these headers.
2014-04-14	make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod	Ted Unangst

2014-04-13	Cope with the removal of openssl/symhacks.h	Theo de Raadt

2014-04-13	Flense a variety of windows support stuff, and a strange gettimeofday function.	Bob Beck
	ok deraadt@
2014-04-13	Remove vms support stuff.	Bob Beck
	ok deraadt@
2014-04-13	Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.	Miod Vallat

2012-10-13	resolve conflicts	Damien Miller

2012-01-05	OpenSSL 1.0.0f: merge	Damien Miller

2010-10-01	resolve conflicts, fix local changes	Damien Miller

2009-01-05	update to openssl-0.9.8i; tested by several, especially krw@	Damien Miller

2008-09-06	resolve conflicts	Damien Miller

2006-06-27	resolve conflicts	Damien Miller

2005-04-29	resolve conflicts	Damien Miller

2004-04-08	merge 0.9.7d	Markus Friedl

2003-05-12	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	Markus Friedl

2002-09-14	merge with openssl-0.9.7-stable-SNAP-20020911,	Markus Friedl
	new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
2002-09-10	merge openssl-0.9.7-beta3, tested on vax by miod@	Markus Friedl

2002-07-30	apply patches from OpenSSL Security Advisory [30 July 2002],	Markus Friedl
	http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
2002-05-15	OpenSSL 0.9.7 stable 2002 05 08 merge	Bob Beck

2001-06-22	openssl-engine-0.9.6a merge	Bob Beck