summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-2/+2
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.tedu2014-06-171-2/+4
|
* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.jsing2014-06-131-1/+12
| | | | | | | | | Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-2/+1
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-0/+1
|
* More KNF.jsing2014-06-071-6/+4
|
* Some KNF and fix the vairable spelling.jsing2014-05-311-23/+16
|
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-1/+1
|
* unifdef -UDOXYGEN and manually remove the few doxygen comments that are notjsing2014-05-311-31/+0
| | | | | | wrapped in #ifdef DOXYGEN... Requested by miod@
* ECDH and ECDSA will not work overly well if there is no EC, so unifdefjsing2014-05-311-4/+0
| | | | | | OPENSSL_NO_EC. ok tedu@
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-10/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-38/+1
| | | | a not quite appropriate data structure. ok jsing
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-3/+1
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* Any sane platform has stdio. Stop pretending we will ever use a platformbeck2014-05-291-2/+0
| | | | | that does not. "fire bomb" tedu@
* no space before labeltedu2014-05-291-9/+9
|
* consistent bracestedu2014-05-291-13/+13
|
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-20/+0
| | | | ok deraadt jsing
* Make it substantially easier to identify protocol version requirementsjsing2014-05-291-0/+1
| | | | | | | | | | | | | | by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
* When you have functions that perform specific functions, use them.jsing2014-05-291-18/+9
| | | | | | | | EVP_CIPHER_CTX_free() does a NULL check, then calls EVP_CIPHER_CTX_cleanup() and frees the memory. COMP_CTX_free() also had its own NULL check, so there is no point in duplicating that here. ok beck@
* EVP_MD_CTX_create() calls malloc and can return NULL. However, only one ofjsing2014-05-281-1/+1
| | | | | | | the calls in libssl actually checks the return value before using it. Add NULL checks for the remaining three calls. ok miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-19/+11
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* remove unused shit. from Alexander Schrijvertedu2014-05-251-4/+0
|
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-12/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* I'm so sorry to learn that the Diab compiler can't (or used not to) parse Cmiod2014-05-241-5/+1
| | | | code. Remove workaround.
* Use C99 initialisers for SSL3_ENC_METHOD structs.jsing2014-05-241-16/+19
| | | | ok miod@
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-27/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Nuke OPENSSL_NO_SOCK since any half sane operating system has sockets.jsing2014-05-021-2/+0
| | | | ok beck@
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-108/+111
| | | | I missed on the first go around.
* KNFmcbride2014-04-241-291/+416
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-5/+2
|
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-5/+2
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* More KNF and style consistency tweaksguenther2014-04-191-69/+71
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-8/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-6/+0
|
* kill REF_PRINT/REF_CHECK debugging framework noone would usederaadt2014-04-171-24/+0
| | | | ok miod
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-17/+17
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* TANSTAAFL - delete the buf freelist code. if you need a better malloc, gettedu2014-04-161-37/+0
| | | | a better malloc. ok beck deraadt
* add back SRP. i was being too greedy.tedu2014-04-161-0/+6
|
* disentangle SRP code from TLStedu2014-04-161-6/+0
|
* Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap fromguenther2014-04-161-52/+32
| | | | | | | | | the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
* remove FIPS mode support. people who require FIPS can buy something thattedu2014-04-151-7/+0
| | | | | meets their needs, but dumping it in here only penalizes the rest of us. ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-1559/+1600
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* remove last vestiges of OPENSSL_SYS_XXX from src/sslbeck2014-04-141-4/+0
| | | | ok deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-6/+20
|
* resolve conflictsdjm2012-10-131-22/+225
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-0/+3
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-32/+15
|
* resolve conflicts, fix local changesdjm2010-10-011-129/+485
|
* resolve conflictsdjm2009-04-061-0/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 20:28:44 +0000