summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() andjsing2014-08-231-23/+1
| | | | | | ssl3_get_cipher_by_id(). ok bcook@
* Provide a ssl3_get_cipher_by_id() function that allows ciphers to be lookedjsing2014-08-111-1/+14
| | | | | | | | up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char(). ok bcook@ miod@
* Tweak cipher list comments and add missing cipher value comments.jsing2014-08-101-5/+26
|
* Remove disabled (weakened export and non-ephemeral DH) cipher suites fromjsing2014-08-101-470/+5
| | | | | | | | the cipher list. This reduces code size, saves data segment space and prevents them from being turned back on at runtime by flipping a bit in memory. ok guenther@
* Oops, revert changes commited by mistake. The previous commit was supposedmiod2014-08-071-2/+4
| | | | to only apply to s23_srvr.c.
* When you expect a function to return a particular value, don't put a commentmiod2014-08-071-4/+2
| | | | | | | | | | | saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-131-2/+2
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-67/+67
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-71/+1
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-5/+1
|
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-18/+12
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Mark the weakened 40-bit export ciphers as invalid - no one in their rightjsing2014-07-081-9/+9
| | | | | | mind should be using them. ok deraadt@ miod@
* Remove SSL_FIPS.jsing2014-07-081-84/+84
| | | | ok deraadt@ miod@
* Nuke SSL_NOT_EXP since it does nothing.jsing2014-07-081-124/+124
| | | | ok deraadt@ miod@
* Specify the correct strength bits for 3DES cipher suites.jsing2014-06-211-15/+13
| | | | | | From OpenSSL. ok miod@
* Add ChaCha20-Poly1305 based ciphersuites.jsing2014-06-131-1/+52
| | | | | | Based on Adam Langley's chromium patches. Tested by and ok sthen@
* Switch the AES-GCM cipher suites to SSL_CIPHER_ALGORITHM2_AEAD.jsing2014-06-131-21/+68
|
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-55/+1
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Remove another NULL check before a BIO_free().jsing2014-06-071-4/+4
|
* ssl3_free_digest_list() has its own NULL check.jsing2014-06-071-5/+3
|
* BIO_free has an implicit NULL check, so do not bother checking for NULLjsing2014-06-071-2/+1
| | | | before calling it.
* ssl3_release_{read,write}_buffer() handle being called with NULL buffers,jsing2014-06-071-4/+3
| | | | so do not bother checking before calling.
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-071-27/+14
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-5/+1
|
* ECDH and ECDSA will not work overly well if there is no EC, so unifdefjsing2014-05-311-6/+0
| | | | | | OPENSSL_NO_EC. ok tedu@
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-14/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-9/+0
| | | | a not quite appropriate data structure. ok jsing
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-2/+2
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-36/+0
| | | | ok deraadt jsing
* Make it substantially easier to identify protocol version requirementsjsing2014-05-291-1/+1
| | | | | | | | | | | | | | by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-25/+14
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Replace the following logic:miod2014-05-261-8/+10
| | | | | | | | | | | | | | | | | | | | | if (nothing to allocate) ptr = malloc(1) else { if ((ptr = malloc(size to allocate)) memcpy(ptr, data to copy, size to allocate) } if (ptr == NULL) OMG ERROR with a saner logic where the NULL pointer check if moved to the actual malloc branch, so that we do not need to malloc a single byte, just to avoid having a NULL pointer. Whoever thought allocating a single byte was a smart idea was obviously not taking his meds. ok beck@ guenther@
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-24/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* Use C99 initialisers for SSL3_ENC_METHOD structs.jsing2014-05-241-14/+16
| | | | ok miod@
* Clean up the SSL cipher initialisation and use C99 initialisers forjsing2014-05-231-1709/+1712
| | | | | | clarity, grepability and to protect from future field reordering/removal. ok miod@
* There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (anjsing2014-05-221-1/+1
| | | | | | | | | empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* KSSL is dead... nuke KSSL_DEBUG from orbit.jsing2014-05-201-3/+0
| | | | ok beck@ miod@
* deleted seed some time agotedu2014-05-171-101/+0
|
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-445/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-7/+9
| | | | I missed on the first go around.
* KNFmcbride2014-04-241-99/+181
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-8/+9
|
* spacingtedu2014-04-181-10/+11
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-169/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-42/+3
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-14/+14
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:04:41 +0000