summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Temporarily revive MD4 for MS CHAP support.doug2015-09-1416-23/+666
|
* Crank major version due to removal of SHA-0 and MD4 from libcrypto.doug2015-09-132-4/+4
|
* Remove MD4 support from LibreSSL.doug2015-09-1316-666/+23
| | | | | | | | MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* Remove SHA-0 support.doug2015-09-1310-323/+16
| | | | | | | SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@
* Since a major bump of libcrypto is coming, remove OPENSSL_ia32cap andmiod2015-09-132-17/+2
| | | | | OPENSSL_ia32cap_loc; nothing in ports uses them besides embedded copies of OpenSSL. This opens the `all hell gets loose' window.
* Handle negative-zero in BN_bn2dec() too, just like in BN_print().deraadt2015-09-131-22/+31
| | | | ok miod
* Reorder functions for readability/consistency.jsing2015-09-131-235/+228
|
* BN does support negative-zero -- BN_print() sets the standard here.deraadt2015-09-131-3/+3
| | | | | | | BN_bn2hex() had a 1-byte overflow when creating "-0\0". Reported to me a while back by unknown person -- did not have enough experience to push this through then. advice from jsing, ok miod
* Only check for key truncation if no KDF function is being used.jsing2015-09-131-4/+4
| | | | ok beck@ miod@
* Stop generating private keys in a network buffer.jsing2015-09-132-58/+58
| | | | | | | | | | The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@
* Use ECDH_size() instead of rolling our own.jsing2015-09-134-24/+22
| | | | ok beck@
* Switch to miod's shiny new OPENSSL_cpu_caps() and we can now also enablejsing2015-09-132-6/+6
| | | | | | the AES acceleration checking for i386. ok beck@ miod@
* Merge ech_ossl.c into ech_key.c - not much point having one file with ajsing2015-09-132-215/+146
| | | | | | four line function and a tonne of license text. ok beck@
* Nuke openssl/e_os2.h, since nothing should be using it.jsing2015-09-131-84/+0
| | | | ok deraadt@ "hurray! finally!" miod@ "Yay!" sthen@
* Provide ECDH_size().jsing2015-09-133-4/+11
| | | | "jajaja" miod@
* Check ECDH output buffer length and avoid truncation.jsing2015-09-133-6/+16
| | | | | | | | | Currently, if you call ECDH_compute_key() it will silently truncate the resulting key if the output buffer is less than the key size. Instead, detect this condition and return an error. If the buffer provided is larger than the key length, zero the remainder. ok beck@ miod@ "+ shivers"
* Lob a style(9) grenade in here.jsing2015-09-136-181/+176
|
* Mechanical minor bump to follow libcrypto.miod2015-09-132-2/+2
|
* Add a new interface, OPENSSL_cpu_caps(), to return the currently runningmiod2015-09-132-2/+17
| | | | | | | | | | | | | cpu's specific hardware capabilities users of libcrypto might be interested in, as an integer value. This deprecates the existing OPENSSL_ia32cap() macro and the OPENSSL_ia32cap_loc() function (which returns the pointer so that you can mess with stuff you shouldn't mess with). Interpreting the value returned by OPENSSL_cpu_caps() is, of course, machine-dependent. Minor version bump for libcrypto. ok beck@ jsing@
* The *_accept() functions increment in_handshake at the start of the function,jsing2015-09-134-38/+60
| | | | | | | | then decrement it and call a callback on exit from the function. As such, these functions should not return in the middle, otherwise in_handshake is never decremented and the callback never called. ok beck@ "with many sighs" miod@
* If we have hardware acceleration for AES, prefer AES as a symmetric cipherjsing2015-09-132-14/+60
| | | | | | over CHACHA20. Otherwise, prefer CHACHA20 with AES second. ok beck@ miod@
* Split ssl3_send_client_key_exchange() (387 lines of code) into fivejsing2015-09-122-654/+702
| | | | | | | | | functions. The original was written as a huge if/else if chain - split out the handling for each key exchange type. This allows us to reduce two levels of indentation, make the code far more readable and have single return paths so that we can simplify clean up. ok beck@
* Fix function name.jsing2015-09-122-4/+4
|
* Sync handling of cached record digests with s3_srvr.c.jsing2015-09-122-2/+46
|
* explicit_bzero() the GOST premaster secret.jsing2015-09-122-4/+14
| | | | ok miod@
* Unwrap a bunch of lines.jsing2015-09-122-74/+38
|
* Remove most of the SSLv3 version checks and a few TLS v1.0.doug2015-09-1214-236/+114
| | | | | | | We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
* Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines ofjsing2015-09-124-222/+6
| | | | code deduped.
* Move handshake message header length determination into a separatejsing2015-09-128-46/+54
| | | | | | | ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@
* Uncopy and unpaste dtls1_send_certificate_request() - removes another 80jsing2015-09-124-160/+6
| | | | lines of code, while gaining SIGALGs support.
* Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329jsing2015-09-124-658/+6
| | | | lines of code, while gaining bug fixes and SIGALGs support.
* Uncopy and unpaste dtls1_send_server_done().jsing2015-09-124-36/+6
|
* Uncopy and unpaste dtls1_send_server_hello().jsing2015-09-124-136/+6
|
* Uncopy and unpaste dtls1_send_hello_request().jsing2015-09-124-36/+6
|
* Convert the rest of the server handshake functions to ssl3_handshake_msg_*.jsing2015-09-122-88/+70
| | | | ok beck@
* Uncopy and unpaste dtls1_send_client_verify() - thejsing2015-09-124-148/+6
| | | | | ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
* Uncopy and unpaste dtls1_send_client_key_exchange() - thejsing2015-09-124-538/+10
| | | | | | | | ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@
* Use explicit_bzero() instead of memset() when clearing private keys.jsing2015-09-122-6/+8
| | | | ok bcook@ beck@ miod@
* Pull variable assignment out from function call, fix indentation and setjsing2015-09-122-16/+14
| | | | state after calling ssl3_handshake_msg_finish().
* style(9) and whitespace cleanups.jsing2015-09-122-58/+50
|
* Remove workaround for old SIMICS toolchain.miod2015-09-121-45/+1
|
* Remove horribly old and outdated `documentation' for the assembly code.miod2015-09-126-326/+0
|
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-1124-130/+130
| | | | | | ssl3_ prefix. ok beck@
* Merge the remnants of s3_enc.c into t1_enc.c.jsing2015-09-114-269/+248
| | | | ok beck@
* Nuke ssl_set_peer_cert_type().jsing2015-09-114-20/+4
| | | | ok "flensing knife"
* Nuke ssl_bad_method().jsing2015-09-114-22/+4
| | | | ok "flensing knife"
* Nuke ssl3_default_timeout().jsing2015-09-114-26/+4
| | | | ok "flensing knife"
* Nuke ssl_replace_hash().jsing2015-09-114-46/+4
| | | | ok "flensing knife"
* Nuke ssl3_cbc_remove_padding().jsing2015-09-114-68/+4
| | | | ok "flensing knife"
* Nuke ssl3_alert_code().jsing2015-09-113-76/+3
| | | | ok "flensing knife"
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-28 11:57:11 +0000