Commit Graph

258 Commits

Author SHA1 Message Date
David Benjamin
ed8fbad170 Remove SSL cert_flags.
These are never used and no flags are defined anyway.

Change-Id: I206dc2838c5f68d87559a702dcb299b208cc7e1e
Reviewed-on: https://boringssl-review.googlesource.com/4493
Reviewed-by: Adam Langley <agl@google.com>
2015-05-04 22:48:13 +00:00
David Benjamin
dd978784d7 Always enable ecdh_auto.
This is a really dumb API wart. Now that we have a limited set of curves that
are all reasonable, the automatic logic should just always kick in. This makes
set_ecdh_auto a no-op and, instead of making it the first choice, uses it as
the fallback behavior should none of the older curve selection APIs be used.

Currently, by default, server sockets can only use the plain RSA key exchange.

BUG=481139

Change-Id: Iaabc82de766cd00968844a71aaac29bd59841cd4
Reviewed-on: https://boringssl-review.googlesource.com/4531
Reviewed-by: Adam Langley <agl@google.com>
2015-04-28 20:51:05 +00:00
David Benjamin
2bf1a79654 Prune some unused constants from ssl/internal.h.
Change-Id: Iae9e064261cf7cb2968520812e2f242d7f643ecc
Reviewed-on: https://boringssl-review.googlesource.com/4293
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:07:38 +00:00
David Benjamin
71f0794d34 Document everything in ssl_ciph.c, now ssl_cipher.c.
Just about everything depends on SSL_CIPHER. Move it to the top as the first
section in ssl.h. Match the header order and the source file order and document
everything. Also make a couple of minor style guide tweaks.

Change-Id: I6a810dbe79238278ac480e5ced1447055715a79f
Reviewed-on: https://boringssl-review.googlesource.com/4290
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:06:55 +00:00
David Benjamin
0344dafb71 Tidy cipher rule processing.
Rather than shoehorn real ciphers and cipher aliases into the same type (that's
what cipher->valid is used for), treat them separately. Make
ssl_cipher_apply_rule match ciphers by cipher_id (the parameter was ignored and
we assumed that masks uniquely identify a cipher) and remove the special cases
around zero for all the masks. This requires us to remember which fields
default to 0 and which default to ~0u, but the logic is much clearer.

Finally, now that ciphers and cipher aliases are different, don't process rules
which sum together an actual cipher with cipher aliases. This would AND
together the masks for the alias with the values in the cipher and do something
weird around alg_ssl. (alg_ssl is just weird in general, as everyone trying to
disable SSLv3 in OpenSSL recently discovered.)

With all that, we can finally remove cipher->valid which was always one.

Change-Id: Iefcfe159bd6c22dbaea3a5f1517bd82f756dcfe1
Reviewed-on: https://boringssl-review.googlesource.com/4284
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:05:10 +00:00
David Benjamin
107db58047 Switch cipher masks to uint32_t.
These are all masks of some sort (except id which is a combined version and
cipher), so they should use fixed-size unsigned integers.

Change-Id: I058dd8ad231ee747df4b4fb17d9c1e2cbee21918
Reviewed-on: https://boringssl-review.googlesource.com/4283
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:16:05 +00:00
David Benjamin
f0ae170021 Include-what-you-use ssl/internal.h.
The rest of ssl/ still includes things everywhere, but this at least fixes the
includes that were implicit from ssl/internal.h.

Change-Id: I7ed22590aca0fe78af84fd99a3e557f4b05f6782
Reviewed-on: https://boringssl-review.googlesource.com/4281
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:15:02 +00:00
David Benjamin
2ee94aabf5 Rename ssl_locl.h to internal.h
Match the other internal headers.

Change-Id: Iff7e2dd06a1a7bf993053d0464cc15638ace3aaa
Reviewed-on: https://boringssl-review.googlesource.com/4280
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:14:09 +00:00