| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
unravelling the maze of function pointers and callbacks by directly
calling ssl3_{get,put}_cipher_by_char() and removing the
ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
| |
|
|
|
|
|
| |
Adam Langley close to three years ago, which were commited in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.
(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which is makes the application non-compliant. More fuel for the
tedu fire...)
jasper@ noted the breakage and bisected it down to the diff that broke this
ok jsing@ miod@
|
| |
|
|
|
|
| |
Based on changes to OpenSSL trunk.
ok beck@ miod@
|
| |
|
|
| |
ok beck@ miod@
|
| |
|
|
|
| |
to interleave them within the conditions. Also fix wrapping and
indentation.
|
| |
|
|
|
| |
baggage.
ok miod@ jsing@
|
| | |
|
| |
|
|
|
|
| |
ciphers we no longer need the flags or code to support it.
ok beck@ miod@
|
| |
|
|
| |
reported by Brent Cook, original diff by logan
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
c30718b5e7480add42598158
Don't know the full story, but it looks like a "can't do random
perfectly, so do it god awful" problem was found in 2013, and
replaced with "only do it badly if a flag is set". New flags
(SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME)
were added [Ben Laurie?] to support the old scheme of "use time_t
for first 4 bytes of the random buffer".
Nothing uses these flags [ecosystem scan by sthen]
Fully discourage use of these flags in the future by removing
support & definition of them. The buflen < 4 check is also interesting,
because no entropy would be returned. No callers passed such small
buffers.
ok miod sthen
|
| |
|
|
|
|
| |
OPENSSL_NO_TLSEXT.
ok tedu@
|
| |
|
|
| |
a not quite appropriate data structure. ok jsing
|
| |
|
|
| |
ok deraadt jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
readable and one less layer of abstraction. Use C99 initialisers for
clarity, grepability and to protect from future field reordering/removal.
ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed,
but ran away squealing since it reminded him of the VOP layer...)
|
| |
|
|
|
| |
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.
|
| |
|
|
| |
ok miod@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
| |
it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck
|
| | |
|
| |
|
|
|
|
|
| |
in a bunch of places inside the TLS engine, to try to keep entropy high.
I wonder if their moto is "If you can't solve a problem, at least try
to do it badly".
ok miod
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
| |
|
|
| |
ok miod@, deraadt@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
