| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.
Based on OpenSSL with inspiration from boringssl.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
| |
The existing code reaches around into various internals of EC, which it
should not know anything about. Replace this with a set of functions that
that can correctly extract the necessary details and handle the
comparisions.
Based on a commit to OpenSSL, with some inspiration from boringssl.
ok miod@
|
| |
|
|
|
|
| |
nor do we plan on supporting them.
ok guenther@
|
| |
|
|
|
|
|
| |
ssl3_cipher_get_value() helper function, which returns the cipher suite
value for the given cipher.
ok miod@
|
| |
|
|
|
|
| |
currently).
From Dmitry Eremin-Solenikov.
|
| |
|
|
|
|
| |
ssl3_get_cipher_by_id().
ok bcook@
|
| |
|
|
|
|
|
|
| |
up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
| | |
|
| |
|
|
|
|
|
|
| |
the cipher list. This reduces code size, saves data segment space and
prevents them from being turned back on at runtime by flipping a bit in
memory.
ok guenther@
|
| |
|
|
| |
to only apply to s23_srvr.c.
|
| |
|
|
|
|
|
|
|
|
|
| |
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).
Instead, compare for the exact value it ought to return upon success.
ok deraadt@
|
| |
|
|
|
|
| |
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@
|
| |
|
|
|
|
| |
Based on changes to OpenSSL trunk.
ok beck@ miod@
|
| |
|
|
|
| |
baggage.
ok miod@ jsing@
|
| | |
|
| |
|
|
|
|
| |
ciphers we no longer need the flags or code to support it.
ok beck@ miod@
|
| |
|
|
|
|
| |
Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@
|
| |
|
|
|
|
| |
mind should be using them.
ok deraadt@ miod@
|
| |
|
|
| |
ok deraadt@ miod@
|
| |
|
|
| |
ok deraadt@ miod@
|
| |
|
|
|
|
| |
From OpenSSL.
ok miod@
|
| |
|
|
|
|
| |
Based on Adam Langley's chromium patches.
Tested by and ok sthen@
|
| | |
|
| |
|
|
|
|
|
|
| |
7 years ago and never made it into an RFC. That code wasn't compiled in
anyway unless one would define the actual on-the-wire extension id bytes;
crank libssl major.
With help and enlightenment from Brendan MacDonell.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
before calling it.
|
| |
|
|
| |
so do not bother checking before calling.
|
| |
|
|
|
| |
implicit NULL checks, so there is no point ensuring that the pointer is
non-NULL before calling them.
|
| | |
|
| |
|
|
|
|
| |
OPENSSL_NO_EC.
ok tedu@
|
| |
|
|
|
|
| |
OPENSSL_NO_TLSEXT.
ok tedu@
|
| |
|
|
| |
a not quite appropriate data structure. ok jsing
|
| |
|
|
|
|
| |
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
| |
|
|
| |
ok deraadt jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
by adding an enc_flags field to the ssl3_enc_method, specifying four flags
that are used with this field and providing macros for evaluating these
conditions. Currently the version requirements are identified by
continually checking the version number and other criteria.
This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2,
since they have different enc_flags from TLS v1.
Based on changes in OpenSSL head.
No objection from miod@
|
| |
|
|
|
|
|
|
| |
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
if (nothing to allocate)
ptr = malloc(1)
else {
if ((ptr = malloc(size to allocate))
memcpy(ptr, data to copy, size to allocate)
}
if (ptr == NULL)
OMG ERROR
with a saner logic where the NULL pointer check if moved to the actual
malloc branch, so that we do not need to malloc a single byte, just to avoid
having a NULL pointer.
Whoever thought allocating a single byte was a smart idea was obviously
not taking his meds.
ok beck@ guenther@
|
| |
|
|
|
|
|
| |
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.
ok miod@
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
| |
clarity, grepability and to protect from future field reordering/removal.
ok miod@
|
| |
|
|
|
|
|
|
|
| |
empty define) and an OPENSSL_EXTERN (which is defined as, well... extern).
The use of OPENSSL_EXTERN is already inconsistent since the lines above
and below just use plain old "extern". Expand the two uses of these macros
and stop including e_os2.h in libssl.
ok miod@
|
| |
|
|
| |
ok beck@ miod@
|
| |
|
|
| |
ok beck@ miod@
|
| | |
|
| |
|
|
|
| |
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.
|
| |
|
|
| |
I missed on the first go around.
|
| | |
|
| | |
|
