summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Specify the correct strength bits for 3DES cipher suites.jsing2014-06-211-15/+13
| | | | | | From OpenSSL. ok miod@
* Add ChaCha20-Poly1305 based ciphersuites.jsing2014-06-131-1/+52
| | | | | | Based on Adam Langley's chromium patches. Tested by and ok sthen@
* Switch the AES-GCM cipher suites to SSL_CIPHER_ALGORITHM2_AEAD.jsing2014-06-131-21/+68
|
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-55/+1
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Remove another NULL check before a BIO_free().jsing2014-06-071-4/+4
|
* ssl3_free_digest_list() has its own NULL check.jsing2014-06-071-5/+3
|
* BIO_free has an implicit NULL check, so do not bother checking for NULLjsing2014-06-071-2/+1
| | | | before calling it.
* ssl3_release_{read,write}_buffer() handle being called with NULL buffers,jsing2014-06-071-4/+3
| | | | so do not bother checking before calling.
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-071-27/+14
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-5/+1
|
* ECDH and ECDSA will not work overly well if there is no EC, so unifdefjsing2014-05-311-6/+0
| | | | | | OPENSSL_NO_EC. ok tedu@
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-14/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-9/+0
| | | | a not quite appropriate data structure. ok jsing
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-2/+2
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-36/+0
| | | | ok deraadt jsing
* Make it substantially easier to identify protocol version requirementsjsing2014-05-291-1/+1
| | | | | | | | | | | | | | by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-25/+14
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Replace the following logic:miod2014-05-261-8/+10
| | | | | | | | | | | | | | | | | | | | | if (nothing to allocate) ptr = malloc(1) else { if ((ptr = malloc(size to allocate)) memcpy(ptr, data to copy, size to allocate) } if (ptr == NULL) OMG ERROR with a saner logic where the NULL pointer check if moved to the actual malloc branch, so that we do not need to malloc a single byte, just to avoid having a NULL pointer. Whoever thought allocating a single byte was a smart idea was obviously not taking his meds. ok beck@ guenther@
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-24/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* Use C99 initialisers for SSL3_ENC_METHOD structs.jsing2014-05-241-14/+16
| | | | ok miod@
* Clean up the SSL cipher initialisation and use C99 initialisers forjsing2014-05-231-1709/+1712
| | | | | | clarity, grepability and to protect from future field reordering/removal. ok miod@
* There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (anjsing2014-05-221-1/+1
| | | | | | | | | empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* KSSL is dead... nuke KSSL_DEBUG from orbit.jsing2014-05-201-3/+0
| | | | ok beck@ miod@
* deleted seed some time agotedu2014-05-171-101/+0
|
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-445/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-7/+9
| | | | I missed on the first go around.
* KNFmcbride2014-04-241-99/+181
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-8/+9
|
* spacingtedu2014-04-181-10/+11
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-169/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-42/+3
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-14/+14
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+209
|
* disentangle SRP code from TLStedu2014-04-161-209/+0
|
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-21/+0
|
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-2688/+2605
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-2/+2
| | | | ok miod@, deraadt@
* remove more cases of MS_STATIC, MS_CALLBACK, and MS_FAR. Did youderaadt2014-04-131-1/+1
| | | | | | | know that MS_STATIC doesn't mean it is static? How far can lies and half-truths be layered? I wonder if anyone got fooled, and actually returned a pointer.. ok beck
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-11/+23
|
* SECURITY fixes backported from openssl-1.0.1f. ok mikeb@jca2014-02-271-1/+1
| | | | | | | | | | | | CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
* resolve conflictsdjm2012-10-131-21/+965
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-0/+3
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-0/+6
|
* resolve conflicts, fix local changesdjm2010-10-011-772/+1475
|
* pull Ben Lauries blind prefix injection fix for CVE-2009-3555 frommarkus2009-11-101-0/+3
| | | | openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-20/+20
|
* resolve conflictsdjm2008-09-061-337/+1161
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 01:33:24 +0000