boringssl/crypto
David Benjamin 3cfeb9522b Disable SSLv3 by default.

As a precursor to removing the code entirely later, disable the protocol
by default. Callers must use SSL_CTX_set_min_version to enable it.

This change also makes SSLv3_method *not* enable SSL 3.0. Normally
version-specific methods set the minimum and maximum version to their
version. SSLv3_method leaves the minimum at the default, so we will
treat it as all versions disabled. To help debugging, the error code is
switched from WRONG_SSL_VERSION to a new NO_SUPPORTED_VERSIONS_ENABLED.

This also defines OPENSSL_NO_SSL3 and OPENSSL_NO_SSL3_METHOD to kick in
any no-ssl3 build paths in consumers which should provide a convenient
hook for any upstreaming changes that may be needed. (OPENSSL_NO_SSL3
existed in older versions of OpenSSL, so in principle one may encounter
an OpenSSL with the same settings.)

Change-Id: I96a8f2f568eb77b2537b3a774b2f7108bd67dd0c
Reviewed-on: https://boringssl-review.googlesource.com/14031
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-11 16:38:16 +00:00
aes Synchronize bsaes-armv7.pl with upstream. 2017-03-27 16:38:33 +00:00
asn1 Fix potential memory leak in ASN1_TIME_to_generalizedtime() 2017-03-21 18:10:51 +00:00
base64 Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
bio Convert bio_test to GTest. 2017-03-21 17:39:57 +00:00
bn Use BN_get_word in probable_prime. 2017-04-07 16:00:32 +00:00
buf Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
bytestring Correct a typo in ASN.1 type name. 2017-03-16 21:57:58 +00:00
chacha x86_64 assembly pack: Win64 SEH face-lift. 2017-02-16 21:55:04 +00:00
cipher Use a union in tls_cbc.c. 2017-03-30 16:25:11 +00:00
cmac Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
conf Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
curve25519 Add the start of standalone iOS build support. 2017-04-07 17:13:44 +00:00
des Fix up macros. 2016-10-18 18:28:23 +00:00
dh Remove direct calls to BN_mod_exp. 2017-02-28 18:00:02 +00:00
digest_extra First part of the FIPS module. 2017-04-07 00:05:34 +00:00
dsa Add a common TestEventListener for the error queue. 2017-02-07 21:33:22 +00:00
ec Enforce minimum EC group size when generating keys for FIPS compliance. 2017-04-07 19:30:23 +00:00
ecdh Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
ecdsa ECDSA: const EC_KEY* arguments where possible. 2017-02-18 06:22:01 +00:00
engine Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
err Disable SSLv3 by default. 2017-04-11 16:38:16 +00:00
evp First part of the FIPS module. 2017-04-07 00:05:34 +00:00
fipsmodule Be less clever about .rel.ro avoidance. 2017-04-07 15:20:26 +00:00
hkdf Convert hkdf_test to C++. 2017-01-04 01:40:44 +00:00
hmac_extra First part of the FIPS module. 2017-04-07 00:05:34 +00:00
lhash Remove lh_new's default hash and comparator. 2017-01-04 01:44:10 +00:00
modes Remove unsigned-based constant-time functions. 2017-03-30 16:24:19 +00:00
obj Teach crypto/x509 how to verify an Ed25519 signature. 2017-04-05 23:35:30 +00:00
pem Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
perlasm Gate assembly sources on !OPENSSL_NO_ASM. 2017-03-30 19:34:21 +00:00
pkcs8 First part of the FIPS module. 2017-04-07 00:05:34 +00:00
poly1305 Fix Android build. 2017-04-07 17:33:24 +00:00
pool Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
rand Remove TODO. 2017-03-25 16:29:04 +00:00
rc4 Simplify RC4 code and remove assembly. 2016-08-30 15:32:31 +00:00
rsa Add comment about ensuring no other data follows the hash value in PKCS #1 2017-04-10 20:03:07 +00:00
stack Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
test Convert bio_test to GTest. 2017-03-21 17:39:57 +00:00
x509 Teach crypto/x509 how to verify an Ed25519 signature. 2017-04-05 23:35:30 +00:00
x509v3 Fix a crash in print_notice. 2017-03-21 14:50:26 +00:00
CMakeLists.txt Add the start of standalone iOS build support. 2017-04-07 17:13:44 +00:00
constant_time_test.cc Remove static output buffers for hash & HMAC functions. 2017-04-02 17:53:17 +00:00
cpu-aarch64-linux.c Rewrite ARM feature detection. 2016-03-26 04:54:44 +00:00
cpu-arm-linux.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
cpu-arm.c Rewrite ARM feature detection. 2016-03-26 04:54:44 +00:00
cpu-intel.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
cpu-ppc64le.c Make the POWER hardware capability value a global in crypto.c. 2017-04-04 18:19:19 +00:00
crypto.c Be less clever about .rel.ro avoidance. 2017-04-07 15:20:26 +00:00
ex_data.c Fix CRYPTO_dup_ex_data. 2017-04-04 18:21:49 +00:00
internal.h Remove unsigned-based constant-time functions. 2017-03-30 16:24:19 +00:00
mem.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
refcount_c11.c
refcount_lock.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
refcount_test.cc Convert constant_time_test and refcount_test to C++. 2017-01-04 01:36:49 +00:00
thread_none.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
thread_pthread.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
thread_test.c Fix CRYPTO_once_t initialization test. 2017-04-07 15:57:31 +00:00
thread_win.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
thread.c Remove a bunch of unnecessary includes. 2016-06-28 20:31:14 +00:00