| Commit message | Author | Age | Files | Lines |
* | Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). |  jsing | 2014-10-18 | 17 | -65/+38 |
* | Typical malloc() with size multiplication to reallocarray(). |  doug | 2014-10-18 | 2 | -8/+8 |
* | Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, use |  beck | 2014-10-16 | 1 | -2/+2 |
* | Disable SSLv3 by default. |  jsing | 2014-10-15 | 1 | -1/+4 |
* | Only require an EC public key in tls1_set_ec_id(), if we need to provide |  jsing | 2014-10-15 | 1 | -4/+4 |
* | Add cipher aliases for DHE (the correct name for EDH) and ECDHE (the |  jsing | 2014-10-15 | 2 | -4/+16 |
* | Use more specific curves/formats naming for local variables in |  jsing | 2014-10-05 | 1 | -30/+28 |
* | Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather than |  jsing | 2014-10-05 | 1 | -11/+2 |
* | Make tls1_get_formatlist() behave the same as tls1_get_curvelist() and |  jsing | 2014-10-05 | 1 | -21/+29 |
* | Add support for automatic ephemeral EC keys. |  jsing | 2014-10-03 | 7 | -13/+76 |
* | Use string literals in printf style calls so gcc's -Wformat works. |  doug | 2014-10-03 | 1 | -3/+3 |
* | Clean up EC cipher handling in ssl3_choose_cipher(). |  jsing | 2014-09-30 | 3 | -145/+152 |
* | Add a new API function SSL_CTX_use_certificate_chain() that allows to |  reyk | 2014-09-28 | 2 | -17/+50 |
* | There is not much point checking ecdhp is not NULL... twice. |  jsing | 2014-09-27 | 2 | -14/+5 |
* | Check that the specified curve is one of the client preferences. |  jsing | 2014-09-27 | 5 | -8/+70 |
* | Now that we have a static version of the default EC formats, also use it |  jsing | 2014-09-26 | 1 | -47/+44 |
* | Refactor and simplify the ECC extension handling. The existing code |  jsing | 2014-09-22 | 2 | -122/+98 |
* | Also check the result from final_finish_mac() against finish_mac_length in |  jsing | 2014-09-22 | 1 | -19/+17 |
* | It is possible (although unlikely in practice) for peer_finish_md_len to |  jsing | 2014-09-22 | 1 | -13/+11 |
* | Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which |  jsing | 2014-09-21 | 2 | -10/+18 |
* | Add CHACHA20 as a cipher symmetric encryption alias. |  jsing | 2014-09-19 | 1 | -1/+5 |
* | remove obfuscating parens. man operator is your friend. |  tedu | 2014-09-19 | 2 | -15/+15 |
* | Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them, |  jsing | 2014-09-07 | 8 | -91/+27 |
* | Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and a |  jsing | 2014-08-24 | 5 | -29/+19 |
* | Remove non-standard GOST cipher suites (which are not compiled in |  jsing | 2014-08-23 | 1 | -68/+1 |
* | Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and |  jsing | 2014-08-23 | 4 | -40/+30 |
* | Check the return value of sk_SSL_CIPHER_new_null(), since it allocates |  jsing | 2014-08-11 | 1 | -5/+7 |
* | Unchecked memory allocation and potential leak upon error in |  miod | 2014-08-11 | 1 | -5/+12 |
* | Remove now-unused SSL2_STATE as well as ssl2-specific state machine values. |  miod | 2014-08-11 | 1 | -117/+1 |
* | Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed way |  jsing | 2014-08-11 | 3 | -13/+12 |
* | Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked |  jsing | 2014-08-11 | 3 | -15/+18 |
* | Tweak cipher list comments and add missing cipher value comments. |  jsing | 2014-08-10 | 1 | -5/+26 |
* | Remove disabled (weakened export and non-ephemeral DH) cipher suites from |  jsing | 2014-08-10 | 1 | -470/+5 |
* | Since we no longer need to support SSLv2-style cipher lists, start |  jsing | 2014-08-10 | 17 | -94/+35 |
* | Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragment |  guenther | 2014-08-08 | 1 | -2/+7 |
* | Correct test reversed during merge of fix for CVE-2014-3509 |  guenther | 2014-08-07 | 1 | -2/+2 |
* | Fix CVE-2014-3506, DTLS handshake message size checks. From |  guenther | 2014-08-07 | 1 | -16/+22 |
* | Oops, revert changes committed by mistake. The previous commit was supposed |  miod | 2014-08-07 | 7 | -28/+31 |
* | When you expect a function to return a particular value, don't put a comment |  miod | 2014-08-07 | 8 | -37/+31 |
* | Fix CVE-2014-3511; TLS downgrade, verbatim diff |  deraadt | 2014-08-07 | 1 | -5/+27 |
* | merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service |  deraadt | 2014-08-07 | 1 | -1/+9 |
* | merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther |  deraadt | 2014-08-06 | 1 | -9/+13 |
* | Prevent a possible use after free by mimicking the s3_srvr.c fixes contributed by |  miod | 2014-08-06 | 1 | -4/+1 |
* | The RSA, DH, and ECDH temporary key callbacks expect the number of keybits |  guenther | 2014-07-28 | 3 | -9/+21 |
* | avoid sys/param.h; Jonas Termansen |  deraadt | 2014-07-17 | 1 | -2/+2 |
* | Missing bounds check in ssl3_get_certificate_request(), was not spotted in |  miod | 2014-07-17 | 1 | -1/+6 |
* | Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext(). |  miod | 2014-07-14 | 1 | -6/+6 |
* | Stop leaking internal library pointers in error messages. |  jsing | 2014-07-13 | 1 | -2/+2 |
* | Explicitly initialise slen - this was not previously done due to a missing |  jsing | 2014-07-13 | 1 | -1/+2 |
* | Convert error handling to SSLerr and ERR_asprintf_error_data. |  jsing | 2014-07-13 | 1 | -59/+54 |