Age | Commit message | Author
---|---|---
2018-06-10 | Now that all of the server-side client key exchange processing functions have been converted to CBS, pull it up a level. ok inoguchi@ tb@ | Joel Sing
2018-06-03 | Allocate a dedicated buffer for use when deriving a shared key during client KEX DHE processing, rather than reusing the buffer that is used to send/receive handshake messages. ok beck@ inoguchi@ | Joel Sing
2018-06-03 | Check the return value from DH_size() in ssl3_send_client_kex_dhe(). ok beck@ inoguchi@ | Joel Sing
2018-06-02 | Convert ssl3_get_client_kex_ecdhe_ecp() to CBS. Also allocate a dedicated buffer to hold the shared secret, rather than reusing init_buf. ok inoguchi@ tb@ | Joel Sing
2018-06-02 | Remove the three remaining single DES cipher suites. These are insecure and should not be used - furthermore, we should not have been allowing their negotiation with TLSv1.2 (as noted by Robert Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher suites also fixes this issue. ok beck@ inoguchi@ | Joel Sing
2018-05-19 | Clean out a pile of cruft from ssl3_get_client_kex_ecdhe_ecp(). For pure ECDHE we do not need to construct a new key using the one that was set up during the other half of the key exchange. Also, since we do not support any form of ECDH the n == 0 case is not valid (per RFC 4492 section 5.7), so we can ditch this entirely. ok inoguchi@ tb@ | Joel Sing
2018-05-19 | Convert ssl3_get_client_kex_gost() to CBS. ok beck@ tb@ | Joel Sing
2018-05-13 | Fix a malloc() NULL check in ssl3_send_client_kex_ecdhe_ecp(), by adding the missing goto. While here also remove a set of unnecessary parentheses. | Joel Sing
2018-05-13 | More clean up of the RSA key exchange code. Convert to CBS, use more appropriate variable names and improve validation. Allocate a dedicated buffer to hold the decrypted result, rather than decrypting into the handshake buffer (which is also used to send data). ok beck@ inoguchi@ tb@ | Joel Sing
2018-05-12 | If we fail to decode an EC point format extension, send a decode_error alert rather than an internal_error alert. Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky. ok beck@ inoguchi@ | Joel Sing
2018-05-01 | In ssl.h rev. 1.158 2018/05/01 13:30:24, tb@ changed BIO_f_ssl(3) to return const. Update the documentation. | Ingo Schwarze
2018-05-01 | const for BIO_f_ssl(), the last const difference to OpenSSL in our public API in libssl. ok beck, jsing | Theo Buehler
2018-04-29 | Correct direction of SSL_ERROR_ZERO_RETURN case ok schwarze@ | Philip Guenther
2018-04-25 | Avoid talking about the internal, undocumented data type "struct lhash_st", show the public data type name "LHASH_OF(SSL_SESSION)" instead. | Ingo Schwarze
2018-04-25 | Document the callbacks as taking "SSL *" and "SSL_CTX *" arguments and avoid the internal, undocumented names "struct ssl_st *" and "struct ssl_ctx_st *". | Ingo Schwarze
2018-04-25 | In ssl.h rev. 1.156 2018/04/25 07:10:39, tb@ added const qualifiers to some parameters and return values of some functions. Update the documentation. | Ingo Schwarze
2018-04-25 | Fix capitalization of data. Pointed out by jsing and forgotten in previous commit. | Theo Buehler
2018-04-25 | OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing | Theo Buehler
2018-04-14 | make ENGINE_finish() succeed on NULL and simplify callers as in OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi | Theo Buehler
2018-04-11 | In ssl.h rev. 1.155 2018/04/11 17:47:36, jsing@ changed SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect. Update the manual page. | Ingo Schwarze
2018-04-11 | Nuke SSL_OP_TLS_ROLLBACK_BUG - this is a workaround for buggy clients from around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also helps to clean up the RSA key exchange code. ok "kill it with fire" beck@ tb@ | Joel Sing
2018-04-10 | Write documentation for the control string parameter from scratch, collecting the information by inspecting the source code. | Ingo Schwarze
2018-04-07 | Remove function pointers for ssl_{read,write,peek}. Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@ | Joel Sing
2018-04-07 | Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER. These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@ | Joel Sing
2018-04-02 | In ssl.h rev. 1.151 2018/03/17 15:48:31, tb@ provided SSL_CTX_get_default_passwd_cb(3) and SSL_CTX_get_default_passwd_cb_userdata(3). Merge the documentation, tweaked by me; from Christian Heimes <cheimes at redhat dot com> via OpenSSL commit 0c452abc Mar 2 12:53:40 2016 +0100. | Ingo Schwarze
2018-03-30 | fix typo; from <Alex dot Gaynor at gmail dot com> via OpenSSL commit 3266cf58 Mar 10 13:13:23 2018 -0500 | Ingo Schwarze
2018-03-30 | Add missing $OpenBSD$. | Joel Sing
2018-03-27 | found a complete archive of SSLeay-0.4 to SSLeay-0.8.1b tarballs on the web, so fix up SSLeay HISTORY accordingly | Ingo Schwarze
2018-03-24 | finish ssl HISTORY; mostly 1.1.0/6.3, but also various other fixes | Ingo Schwarze
2018-03-24 | ouch, previous was wrong; revert it and fix HISTORY instead | Ingo Schwarze
2018-03-23 | delete two functions that do not exist | Ingo Schwarze
2018-03-23 | ssl.h HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVS | Ingo Schwarze
2018-03-23 | ssl.h HISTORY up to 1.0.1; researched from OpenSSL git | Ingo Schwarze
2018-03-23 | ssl.h HISTORY up to 1.0.0; researched from OpenSSL git | Ingo Schwarze
2018-03-23 | ssl.h HISTORY up to 0.9.8zh; researched from OpenSSL git | Ingo Schwarze
2018-03-23 | ssl.h HISTORY up to 0.9.8h; researched from OpenSSL git | Ingo Schwarze
2018-03-23 | ssl.h HISTORY up to 0.9.8; researched from OpenSSL git | Ingo Schwarze
2018-03-22 | ssl.h HISTORY up to 0.9.7; researched from OpenSSL git | Ingo Schwarze
2018-03-22 | ssl.h HISTORY up to 0.9.6c; researched from OpenSSL git | Ingo Schwarze
2018-03-22 | ssl.h HISTORY up to 0.9.5; researched from OpenSSL git | Ingo Schwarze
2018-03-21 | ssl.h HISTORY up to 0.9.4; researched from OpenSSL git | Ingo Schwarze
2018-03-21 | ssl.h HISTORY up to 0.9.3; researched from OpenSSL git | Ingo Schwarze
2018-03-21 | ssl.h HISTORY up to 0.9.2b; researched from OpenSSL git | Ingo Schwarze
2018-03-21 | ssl.h HISTORY up to SSLeay 0.9.1; researched from OpenSSL git | Ingo Schwarze
2018-03-21 | ssl.h HISTORY up to SSLeay 0.9.0; researched from OpenSSL git | Ingo Schwarze
2018-03-21 | ssl.h HISTORY up to SSLeay 0.8.1b; researched from OpenSSL git | Ingo Schwarze
2018-03-20 | In ssl.h rev. 1.154 2018/03/20 15:28:12, tb@ provided SSL_SESSION_set1_id(3). Merge the documentation from OpenSSL, slightly tweaked by me. | Ingo Schwarze
2018-03-20 | In i2d_SSL_SESSION(), on error call CBB_cleanup() with the correct CBB. Spotted by Coverity, although reported as a different issue. | Joel Sing
2018-03-20 | bump minors after symbol addition | Theo Buehler
2018-03-20 | Provide SSL_SESSION_set1_id() ok jsing | Theo Buehler