kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
df90a64483
boringssl/ssl
History
David Benjamin df90a64483 Remove MD5, SHA-224, and SHA-512 handling from s3_cbc.c. 
The only MD5 CBC-mode cipher suites are TLS_KRB5_WITH_DES_CBC_MD5,
TLS_KRB5_WITH_3DES_EDE_CBC_MD5, and TLS_KRB5_WITH_IDEA_CBC_MD5. We do not
support those, and it seems quite safe to assume that list will not grow.

No current cipher suites use SHA-224 or SHA-512 MACs. We can restore those
cases if that ever changes, but hopefully any future cipher suites we care
about will be using the AEAD construction.

Change-Id: I7f2d30238e2156a59b5fed1e48fabe6660fc9b67
Reviewed-on: https://boringssl-review.googlesource.com/1697
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 23:42:15 +00:00
..
pqueue Add tests for pqueue 2014-09-02 20:09:23 +00:00
test Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2. 2014-09-02 23:41:34 +00:00
CMakeLists.txt Add visibility rules. 2014-07-31 22:03:11 +00:00
d1_both.c Fix minor issues found by Clang's analysis. 2014-09-02 22:39:41 +00:00
d1_clnt.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
d1_enc.c Remove crypto/comp and SSL_COMP support code. 2014-06-24 17:22:06 +00:00
d1_lib.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_srtp.c Fix the return values for most of SRTP. 2014-09-02 23:41:22 +00:00
d1_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_both.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_cbc.c Remove MD5, SHA-224, and SHA-512 handling from s3_cbc.c. 2014-09-02 23:42:15 +00:00
s3_clnt.c Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2. 2014-09-02 23:41:34 +00:00
s3_enc.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_lib.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_meth.c Inital import. 2014-06-20 13:17:32 -07:00
s3_pkt.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
s3_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s23_clnt.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Inital import. 2014-06-20 13:17:32 -07:00
ssl_asn1.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_cert.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_ciph.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
ssl_error.c Refactor server-side CertificateVerify handling. 2014-08-27 01:55:27 +00:00
ssl_lib.c Fix minor issues found by Clang's analysis. 2014-09-02 22:39:41 +00:00
ssl_locl.h Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Convert all zero-argument functions to '(void)' 2014-08-21 01:06:07 +00:00
ssl_txt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
t1_clnt.c Inital import. 2014-06-20 13:17:32 -07:00
t1_enc.c Remove remnants of EVP_CIPHER-based AES_GCM cipher. 2014-09-02 22:42:26 +00:00
t1_lib.c Fix the return values for most of SRTP. 2014-09-02 23:41:22 +00:00
t1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00
t1_srvr.c Inital import. 2014-06-20 13:17:32 -07:00