summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-14/+14
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* Remove remnants from PSK, KRB5 and SRP.jsing2014-07-121-59/+3
| | | | ok beck@ miod@
* Make disabling last cipher work.guenther2014-07-121-9/+9
| | | | | From Thijs Alkemade via OpenSSL trunk ok miod@
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-3/+1
| | | | | baggage. ok miod@ jsing@
* Remove more compression tendrils.jsing2014-07-101-5/+1
| | | | ok tedu@
* Remove more compression related code.jsing2014-07-101-10/+1
|
* Put back some parts of the public SSL API that should not have beenjsing2014-07-101-1/+19
| | | | completely decompressed.
* decompress libssl. ok beck jsingtedu2014-07-101-173/+2
|
* Clean up and simplify SSL_CIPHER_description by always using asprintf. Ifjsing2014-07-091-54/+54
| | | | | | | a buffer was supplied then we copy the result into it. Also make the failure case return values match the documentation. Joint work with beck@
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-53/+11
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* Remove SSL_FIPS.jsing2014-07-081-8/+1
| | | | ok deraadt@ miod@
* Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description()miod2014-06-181-11/+11
| | | | | | when no storage buffer is passed. ok deraadt@ tedu@
* In SSL_COMP_add_compression_method(), make sure error cases actually returnmiod2014-06-181-2/+2
| | | | | | `error' rather than `success'. ok deraadt@
* Add ChaCha20-Poly1305 based ciphersuites.jsing2014-06-131-2/+14
| | | | | | Based on Adam Langley's chromium patches. Tested by and ok sthen@
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher asjsing2014-06-081-0/+38
| | | | | using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of ssl_cipher_get_evp().
* Use C99 initialisers for cipher_aliases. This improves readability,jsing2014-06-011-92/+332
| | | | | | | | removes the need for zero values to be specified (meaning that we usually specify two fields instead of 12), makes the field names grepable and protects from future field reordering/removal. ok beck@ miod@
* More KNF.jsing2014-05-301-56/+73
|
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-11/+0
| | | | ok deraadt jsing
* repair KNF indentderaadt2014-05-291-1/+1
|
* Wrap some long lines.jsing2014-05-271-4/+8
|
* Remove MemCheck_{on,off} that escaped last time around.jsing2014-05-271-4/+0
|
* More KNF.jsing2014-05-271-2/+2
|
* Unchecked malloc() return value in SSL_COMP_add_compression_method(), in themiod2014-05-261-0/+4
| | | | | !OPENSSL_NO_COMP case. Does not affect OpenBSD as we compile the opposite code path.
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-13/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* Turn off MemCheck_on and MemCheck_off. These calls are pointless since thejsing2014-05-251-2/+0
| | | | | | crypto memory debugging code has been castrated. ok miod@ "kill it" beck@
* The ssl_ciper_get_evp() function is currently overloaded to also return thejsing2014-05-251-22/+32
| | | | | | | | | | | compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
* In ssl_cipher_get_evp(), fix off-by-one in index validation before accessingmiod2014-05-241-2/+2
| | | | | | arrays. "kind of scary" deraadt@, ok guenther@
* KSSL is dead... nuke KSSL_DEBUG from orbit.jsing2014-05-201-14/+0
| | | | ok beck@ miod@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-4/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* switch to reallocarraytedu2014-04-221-2/+2
|
* use mallocarray(a,b) instead of malloc(a*b)deraadt2014-04-211-2/+2
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+2
|
* Use calloc(a,b) instead of malloc(a*b) + memset(a*b). I don't know ifderaadt2014-04-201-2/+1
| | | | | | | | | | | | | | | | | | | | | | this instance is integer-overflowable, but we cannot keep hand-auditing every instance (or apathetically ignoring these issues) when the simple calloc idiom is better in the presence of a good calloc(). It is simply unfeasible to always enter correct range checks before the aggregate size calculation, just go find some 4000 lines of code, REPAIR THEM ALL, then come back and tell me I am wrong. This only works on systems where calloc() does the integer overflow check, but if your system doesn't do this, you need to ask your vendor WHY THEY ARE 10 YEARS BEHIND IN BEST PRACTICE? This is the kind of problem that needs to be solved at the right layer. malloc integer-overflow was implicated in the 2002 OpenSSH hole. OpenSSH and much other code is now written to use calloc(), for instance OpenSSH has 103 calls to it. We feel safer with our use of calloc(). It is a natural approach for us to use calloc(). How safe do you feel on systems which lack that range check in their calloc()? Good writeup from 2006: http://undeadly.org/cgi?action=article&sid=20060330071917
* More KNF and style consistency tweaksguenther2014-04-191-18/+18
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-7/+0
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-17/+17
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+2
|
* disentangle SRP code from TLStedu2014-04-161-2/+0
|
* repair some whitespacetedu2014-04-151-50/+44
|
* remove FIPS mode support. people who require FIPS can buy something thattedu2014-04-151-14/+1
| | | | | meets their needs, but dumping it in here only penalizes the rest of us. ok miod
* Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternitybeck2014-04-151-4/+0
| | | | | with the bearded ones... some API's that nobody should be using will dissapear with this commit.
* Flense all use of BIO_snprintf from ssl source - use the real one instead,beck2014-04-141-4/+7
| | | | | | and allow for the normal posix mandated return values instead of the nonstandard one from BIO_snprintf. ok miod@
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-713/+680
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-2/+3
|
* resolve conflictsdjm2012-10-131-14/+119
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-0/+1
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-4/+2
|
* resolve conflicts, fix local changesdjm2010-10-011-331/+692
|
* resolve conflictsdjm2009-04-061-1/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 14:05:33 +0000