summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() andjsing2014-08-231-8/+11
| | | | | | ssl3_get_cipher_by_id(). ok bcook@
* Check the return value of sk_SSL_CIPHER_new_null(), since it allocatesjsing2014-08-111-5/+7
| | | | | | memory and can return NULL. ok miod@
* Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed wayjsing2014-08-111-10/+8
| | | | | | | | of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-11/+9
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-5/+5
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* Provide ssl_version_string() function, which uses one of those modern Cjsing2014-07-121-11/+23
| | | | | | | | constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-11/+6
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Remove remnants from PSK, KRB5 and SRP.jsing2014-07-121-4/+1
| | | | ok beck@ miod@
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-115/+1
| | | | | baggage. ok miod@ jsing@
* Remove more compression tendrils.jsing2014-07-101-6/+2
| | | | ok tedu@
* decompress libssl. ok beck jsingtedu2014-07-101-29/+1
|
* remove unused ecc_pkey_size.bcook2014-07-101-4/+2
| | | | ok jsing@ miod@
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-66/+5
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-2/+2
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.tedu2014-06-171-2/+4
|
* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.jsing2014-06-131-1/+12
| | | | | | | | | Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-2/+1
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-0/+1
|
* More KNF.jsing2014-06-071-6/+4
|
* Some KNF and fix the vairable spelling.jsing2014-05-311-23/+16
|
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-1/+1
|
* unifdef -UDOXYGEN and manually remove the few doxygen comments that are notjsing2014-05-311-31/+0
| | | | | | wrapped in #ifdef DOXYGEN... Requested by miod@
* ECDH and ECDSA will not work overly well if there is no EC, so unifdefjsing2014-05-311-4/+0
| | | | | | OPENSSL_NO_EC. ok tedu@
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-10/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-38/+1
| | | | a not quite appropriate data structure. ok jsing
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-3/+1
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* Any sane platform has stdio. Stop pretending we will ever use a platformbeck2014-05-291-2/+0
| | | | | that does not. "fire bomb" tedu@
* no space before labeltedu2014-05-291-9/+9
|
* consistent bracestedu2014-05-291-13/+13
|
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-20/+0
| | | | ok deraadt jsing
* Make it substantially easier to identify protocol version requirementsjsing2014-05-291-0/+1
| | | | | | | | | | | | | | by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
* When you have functions that perform specific functions, use them.jsing2014-05-291-18/+9
| | | | | | | | EVP_CIPHER_CTX_free() does a NULL check, then calls EVP_CIPHER_CTX_cleanup() and frees the memory. COMP_CTX_free() also had its own NULL check, so there is no point in duplicating that here. ok beck@
* EVP_MD_CTX_create() calls malloc and can return NULL. However, only one ofjsing2014-05-281-1/+1
| | | | | | | the calls in libssl actually checks the return value before using it. Add NULL checks for the remaining three calls. ok miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-19/+11
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* remove unused shit. from Alexander Schrijvertedu2014-05-251-4/+0
|
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-12/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* I'm so sorry to learn that the Diab compiler can't (or used not to) parse Cmiod2014-05-241-5/+1
| | | | code. Remove workaround.
* Use C99 initialisers for SSL3_ENC_METHOD structs.jsing2014-05-241-16/+19
| | | | ok miod@
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-27/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Nuke OPENSSL_NO_SOCK since any half sane operating system has sockets.jsing2014-05-021-2/+0
| | | | ok beck@
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-108/+111
| | | | I missed on the first go around.
* KNFmcbride2014-04-241-291/+416
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-5/+2
|
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-5/+2
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* More KNF and style consistency tweaksguenther2014-04-191-69/+71
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-8/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-6/+0
|
* kill REF_PRINT/REF_CHECK debugging framework noone would usederaadt2014-04-171-24/+0
| | | | ok miod
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-17/+17
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 14:00:51 +0000