path: root/tool/ciphers.cc
Age | Commit message | Author | Files | Lines
2017-08-18 | Use getters in tools/ciphers.cc and add -openssl-name flag. | David Benjamin | 1 | -7/+11

Change-Id: I9e3526dbf496d4c198cb4070a7239114a4ff315e
Reviewed-on: https://boringssl-review.googlesource.com/19424
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-22 | Support standard RFC cipher suite names alongside OpenSSL ones. | David Benjamin | 1 | -1/+1

Both Conscrypt and Netty have a lot of logic to map between the two kinds of names. WebRTC needed an SSL_CIPHER_get_rfc_name for something. Just have both in the library.

Also deprecate SSL_CIPHER_get_rfc_name in favor of SSL_CIPHER_standard_name, which matches upstream if built with enable-ssl-trace. And, unlike SSL_CIPHER_get_rfc_name, this does not require dealing with the malloc.

(Strangely this decreases bssl's binary size, even though we're carrying more strings around. It seems the old SSL_CIPHER_get_rfc_name was somewhat large in comparison. Regardless, a consumer that disliked 30 short strings probably also disliked the OpenSSL names. That would be better solved by opaquifying SSL_CIPHER and adding a less stringy API for configuring cipher lists. That's something we can explore later if needed.)

I also made the command-line tool print out the standard names since they're more standard. May as well push folks towards those going forward.

Change-Id: Ieeb3d63e67ef4da87458e68d130166a4c1090596
Reviewed-on: https://boringssl-review.googlesource.com/17324
Reviewed-by: Robert Sloan <varomodt@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-02-22 | Add new cipherlist-setting APIs that reject nonsense. | Matthew Braithwaite | 1 | -1/+1

The new APIs are SSL_CTX_set_strict_cipher_list() and SSL_set_strict_cipher_list(). They have two motivations:

First, typos in cipher lists can go undetected for a long time, and can have surprising consequences when silently ignored.

Second, there is a tendency to use superstition in the construction of cipher lists, for example by "turning off" things that do not actually exist. This leads to the corrosive belief that DEFAULT and ALL ought not to be trusted. This belief is false.

Change-Id: I42909b69186e0b4cf45457e5c0bc968f6bbf231a
Reviewed-on: https://boringssl-review.googlesource.com/13925
Commit-Queue: Matt Braithwaite <mab@google.com>
Reviewed-by: Matt Braithwaite <mab@google.com>
2016-09-01 | Replace Scoped* heap types with bssl::UniquePtr. | Matt Braithwaite | 1 | -3/+1

Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'.

Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e
Reviewed-on: https://boringssl-review.googlesource.com/10521
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-12 | Revert "Move C++ helpers into |bssl| namespace." | Adam Langley | 1 | -4/+0

This reverts commit 09feb0f3d95a2bc58ce0faaf14256d3bd30f52a4.

(In order to make WebRTC happy this also needs to be reverted.)
2016-07-12 | Revert scoped_types.h change. | Adam Langley | 1 | -0/+2

This reverts commits:
  8d79ed67407e433d80ebc8d3aa080e8ce16e6eb7
  19fdcb523402ed13ab798cf811fb0119e3e7b104
  8d79ed67407e433d80ebc8d3aa080e8ce16e6eb7

Because WebRTC (at least) includes our headers in an extern "C" block, which precludes having any C++ in them.

Change-Id: Ia849f43795a40034cbd45b22ea680b51aab28b2d
2016-07-11 | Remove scoped_types.h. | Adam Langley | 1 | -2/+0

This change scatters the contents of the two scoped_types.h files into the headers for each of the areas of the code. The types are now in the |bssl| namespace.

Change-Id: I802b8de68fba4786b6a0ac1bacd11d81d5842423
Reviewed-on: https://boringssl-review.googlesource.com/8731
Reviewed-by: Adam Langley <agl@google.com>
2016-07-11 | Move C++ helpers into |bssl| namespace. | Adam Langley | 1 | -0/+4

We currently have the situation where the |tool| and |bssl_shim| code includes scoped_types.h from crypto/test and ssl/test. That's weird and shouldn't happen. Also, our C++ consumers might quite like to have access to the scoped types.

Thus this change moves some of the template code to base.h and puts it all in a |bssl| namespace to prepare for scattering these types into their respective headers. In order that all the existing test code be able to access these types, it's all moved into the same namespace.

Change-Id: I3207e29474dc5fcc344ace43119df26dae04eabb
Reviewed-on: https://boringssl-review.googlesource.com/8730
Reviewed-by: David Benjamin <davidben@google.com>
2015-11-03 | Add ciphers option to bssl. | Adam Langley | 1 | -0/+66

This simply converts a cipher suite string to the list of cipher suites that it implies.

Change-Id: Id8b31086715d619ea6601c40a6eb84dc0d8c500d
Reviewed-on: https://boringssl-review.googlesource.com/6370
Reviewed-by: Adam Langley <agl@google.com>