wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11356 commits 20 branches 302 tags 153 MiB
Commit graph

1387 commits

Author SHA1 Message Date
Dr. Stephen Henson
0f39bab0df Function tls1_check_ec_server_key is now redundant as we make 
appropriate checks in tls1_check_chain.
 2012-06-28 13:02:14 +00:00
Dr. Stephen Henson
d61ff83be9 Add new "valid_flags" field to CERT_PKEY structure which determines what 
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
 2012-06-28 12:45:49 +00:00
Dr. Stephen Henson
be681e123c don't use pseudo digests for default values of keys 2012-06-27 14:12:47 +00:00
Dr. Stephen Henson
4453cd8c73 Reorganise supported signature algorithm extension processing. 
Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.
 2012-06-25 14:32:30 +00:00
Dr. Stephen Henson
0f229cce65 Add support for application defined signature algorithms for use with 
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
 2012-06-22 14:03:31 +00:00
Dr. Stephen Henson
c4ff5d1147 fix clashing error code 2012-06-18 13:11:09 +00:00
Dr. Stephen Henson
a5ee80b910 Make it possible to delete all certificates from an SSL structure. 2012-06-18 12:56:59 +00:00
Dr. Stephen Henson
93ab9e421e Initial record tracing code. Print out all fields in SSL/TLS records 
for debugging purposes. Needs "enable-ssl-trace" configuration option.
 2012-06-15 12:46:09 +00:00
Ben Laurie
195b9eeeed Fix memory leak. 2012-06-11 09:23:55 +00:00
Ben Laurie
7a71af86ce Rearrange and test authz extension. 2012-06-07 13:20:47 +00:00
Ben Laurie
32e62d1cc4 Fix memory leak. 2012-06-06 13:03:42 +00:00
Ben Laurie
aeda172afd Parse authz correctly. 2012-06-06 12:52:19 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Ben Laurie
a9e1c50bb0 RFC 5878 support. 2012-05-30 10:10:58 +00:00
Andy Polyakov
41409651be s2_clnt.c: compensate for compiler bug. 2012-05-16 12:47:36 +00:00
Dr. Stephen Henson
c3b1303387 PR: 2811 
Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
 2012-05-11 13:34:29 +00:00
Dr. Stephen Henson
efb19e1330 PR: 2806 
Submitted by: PK <runningdoglackey@yahoo.com>

Correct ciphersuite signature algorithm definitions.
 2012-05-10 18:25:39 +00:00
Dr. Stephen Henson
c46ecc3a55 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and 
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 16:03:52 +00:00
Dr. Stephen Henson
a708609945 Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:55:01 +00:00
Dr. Stephen Henson
43d5b4ff31 Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and 
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
 2012-04-25 23:04:42 +00:00
Andy Polyakov
f2ad35821c s23_clnt.c: ensure interoperability by maitaining client "version capability" 
vector contiguous.
PR: 2802
 2012-04-25 22:06:32 +00:00
Dr. Stephen Henson
09e4e4b98e Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Reviewed by: steve
Improved localisation of TLS extension handling and code tidy.
 2012-04-24 12:22:23 +00:00
Dr. Stephen Henson
ce33b42bc6 oops, not yet ;-) 2012-04-23 21:58:29 +00:00
Dr. Stephen Henson
579d553464 update NEWS 2012-04-23 21:56:33 +00:00
Dr. Stephen Henson
b214184160 recognise X9.42 DH certificates on servers 2012-04-18 17:03:29 +00:00
Dr. Stephen Henson
aa09c2c631 correct error codes 2012-04-18 15:36:12 +00:00
Bodo Möller
d3ddf0228e Disable SHA-2 ciphersuites in < TLS 1.2 connections. 
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
 2012-04-17 15:23:03 +00:00
Dr. Stephen Henson
800e1cd969 Additional workaround for PR#2771 
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
 2012-04-17 15:12:09 +00:00
Dr. Stephen Henson
293706e72c Partial workaround for PR#2771. 
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
 2012-04-17 13:21:19 +00:00
Andy Polyakov
4a1fbd13ee OPENSSL_NO_SOCK fixes. 
PR: 2791
Submitted by: Ben Noordhuis
 2012-04-16 17:42:36 +00:00
Andy Polyakov
3b1fb1a022 s3_srvr.c: fix typo. 
PR: 2538
 2012-04-15 17:22:57 +00:00
Andy Polyakov
fc90e42c86 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag 
countermeasure.

PR: 2778
 2012-04-15 14:14:22 +00:00
Dr. Stephen Henson
adfd95c2ac use different variable for chain iteration 2012-04-11 16:01:08 +00:00
Dr. Stephen Henson
b2284ed34a Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Localize client hello extension parsing in t1_lib.c
 2012-04-06 11:18:40 +00:00
Dr. Stephen Henson
a43526302f Add support for automatic ECDH temporary key parameter selection. When 
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
 2012-04-05 13:38:27 +00:00
Andy Polyakov
a20152bdaf ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444). 
PR: 2778
 2012-04-04 20:45:51 +00:00
Dr. Stephen Henson
fd2b65ce53 Tidy up EC parameter check code: instead of accessing internal structures 
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
 2012-04-04 14:41:01 +00:00
Dr. Stephen Henson
94e9215fbc PR: 2778(part) 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
 2012-03-31 18:03:02 +00:00
Dr. Stephen Henson
d0595f170c Initial revision of ECC extension handling. 
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
 2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
7744ef1ada use client version when deciding whether to send supported signature algorithms extension 2012-03-21 21:33:23 +00:00
Dr. Stephen Henson
156421a2af oops, revert unrelated patches 2012-03-14 13:46:50 +00:00
Dr. Stephen Henson
61ad8262a0 update FAQ, NEWS 2012-03-14 13:44:57 +00:00
Andy Polyakov
d2add2efaa ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER. 2012-03-13 19:20:55 +00:00
Dr. Stephen Henson
15a40af2ed Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Add more extension names in s_cb.c extension printing code.
 2012-03-09 18:38:35 +00:00
Dr. Stephen Henson
ea6e386008 PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
e7f8ff4382 New ctrls to retrieve supported signature algorithms and curves and 
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
 2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
62b6948a27 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
0fbf8b9cea PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:26:15 +00:00
Dr. Stephen Henson
57cb030cea PR: 2739 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
 2012-02-27 16:38:24 +00:00
Dr. Stephen Henson
8f27a92754 ABI fixes from 1.0.1-stable 2012-02-23 22:25:52 +00:00
Dr. Stephen Henson
5421196eca ABI compliance fixes. 
Move new structure fields to end of structures.
 2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494 SSL export fixes (from Adam Langley) [original from 1.0.1] 2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439 initialise i if n == 0 2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
206310c305 Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
11eaec9ae4 Submitted by: Eric Rescorla <ekr@rtfm.com> 
Further fixes for use_srtp extension.
 2012-02-11 22:53:31 +00:00
Dr. Stephen Henson
1df80b6561 PR: 2704 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.
 2012-02-10 20:08:36 +00:00
Dr. Stephen Henson
5997efca83 Submitted by: Eric Rescorla <ekr@rtfm.com> 
Fix encoding of use_srtp extension to be compliant with RFC5764
 2012-02-10 00:07:18 +00:00
Dr. Stephen Henson
57559471bf oops, revert unrelated changes 2012-02-09 15:43:58 +00:00
Dr. Stephen Henson
f4e1169341 Modify client hello version when renegotiating to enhance interop with 
some servers.
 2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
febec8ff23 typo 2012-02-02 19:18:24 +00:00
Dr. Stephen Henson
f71c6e52f7 Add support for distinct certificate chains per key type and per SSL 
structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
 2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf code tidy 2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c Revise ssl code to use a CERT_PKEY structure when outputting a 
certificate chain instead of an X509 structure.

This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
 2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457 Tidy/enhance certificate chain output code. 
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
 2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
08e4ea4884 initialise dh_clnt 2012-01-26 14:37:46 +00:00
Dr. Stephen Henson
0d60939515 add support for use of fixed DH client certificates 2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
1db5f356f5 return error if md is NULL 2012-01-22 13:12:14 +00:00
Dr. Stephen Henson
855d29184e Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
8e1dc4d7ca Support for fixed DH ciphersuites. 
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.

Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
 2012-01-16 18:19:14 +00:00
Bodo Möller
7bb1cc9505 Fix for builds without DTLS support. 
Submitted by: Brian Carlstrom
 2012-01-05 10:22:41 +00:00
Dr. Stephen Henson
59e68615ce PR: 2671 
Submitted by: steve

Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
 2012-01-05 00:28:43 +00:00
Dr. Stephen Henson
192540b522 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> 
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
 2012-01-05 00:23:17 +00:00
Dr. Stephen Henson
e745572493 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
25536ea6a7 Submitted by: Adam Langley <agl@chromium.org> 
Reviewed by: steve

Fix memory leaks.
 2012-01-04 14:25:42 +00:00
Dr. Stephen Henson
b3720c34e5 oops, revert wrong patch 2012-01-03 22:06:21 +00:00
Dr. Stephen Henson
5733919dbc only send heartbeat extension from server if client sent one 2012-01-03 22:03:20 +00:00
Dr. Stephen Henson
4817504d06 PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
84b6e277d4 make update 2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
c79f22c63a PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
 2011-12-27 14:21:45 +00:00
Dr. Stephen Henson
f3d781bb43 PR: 2326 
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
 2011-12-26 19:37:58 +00:00
Dr. Stephen Henson
7e159e0133 PR: 2535 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
 2011-12-25 14:45:15 +00:00
Dr. Stephen Henson
b9e1488865 typo 2011-12-23 15:03:03 +00:00
Dr. Stephen Henson
9c52c3e07c delete unimplemented function from header file, update ordinals 2011-12-23 14:09:30 +00:00
Dr. Stephen Henson
b646fc409d remove prototype for deleted SRP function 2011-12-22 16:05:02 +00:00
Dr. Stephen Henson
f9b0b45238 New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. 
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
 2011-12-22 15:14:32 +00:00
Dr. Stephen Henson
f2fc30751e PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
 2011-12-14 22:17:06 +00:00
Ben Laurie
3c0ff9f939 Remove redundant TLS exporter. 2011-12-13 15:57:39 +00:00
Dr. Stephen Henson
7a2362611f fix error discrepancy 2011-12-07 12:28:40 +00:00
Bodo Möller
19b0d0e75b Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:52:00 +00:00
Dr. Stephen Henson
ebba6c4895 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
 2011-11-25 00:17:44 +00:00
Bodo Möller
6f31dd72d2 Fix NPN implementation for renegotiation. 
(Problem pointed out by Ben Murphy.)

Submitted by: Adam Langley
 2011-11-24 21:07:01 +00:00
Dr. Stephen Henson
1c78c43bd3 move internal functions to ssl_locl.h 2011-11-21 22:52:13 +00:00
Dr. Stephen Henson
21b52dd3eb bcmp doesn't exist on all platforms, replace with memcmp 2011-11-21 22:28:29 +00:00
Ben Laurie
e0af04056c Add TLS exporter. 2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67 Add DTLS-SRTP. 2011-11-15 22:59:20 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more 
aspirational __owur annotations.
 2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
0c58d22ad9 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:01 +00:00
Dr. Stephen Henson
930e801214 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
 2011-10-27 13:06:52 +00:00
Dr. Stephen Henson
fe0e302dff PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.
 2011-10-27 13:01:33 +00:00
Dr. Stephen Henson
45906fe63b Use correct tag for SRP username. 2011-10-25 12:51:22 +00:00
Dr. Stephen Henson
ffbfbef943 more vxworks patches 2011-10-14 22:04:14 +00:00
Bodo Möller
3ddc06f082 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
eb47b2fb13 add GCM ciphers in SSL_library_init 2011-10-10 12:56:18 +00:00
Dr. Stephen Henson
a0f21307e0 disable GCM if not available 2011-10-10 12:41:11 +00:00
Dr. Stephen Henson
7d7c13cbab Don't disable TLS v1.2 by default now. 2011-10-09 23:26:39 +00:00
Dr. Stephen Henson
6dd547398a use client version when eliminating TLS v1.2 ciphersuites in client hello 2011-10-07 15:07:19 +00:00
Dr. Stephen Henson
fca38e350b fix signed/unsigned warning 2011-09-26 17:04:32 +00:00
Dr. Stephen Henson
d18a0df0a6 make sure eivlen is initialised 2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1d7392f219 PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:34:48 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29 Fix d2i_SSL_SESSION. 2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:31 +00:00
Dr. Stephen Henson
d41ce00b8c PR: 2573 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
 2011-09-01 14:02:23 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of 
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
 2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
31475a370c oops, remove debug option 2011-07-25 21:38:41 +00:00
Dr. Stephen Henson
d09677ac45 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 20:41:32 +00:00
Dr. Stephen Henson
0445ab3ae0 PR: 2555 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
 2011-07-20 15:17:51 +00:00
Dr. Stephen Henson
bb48f4ce6e PR: 2550 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
 2011-07-20 15:14:24 +00:00
Andy Polyakov
146e1fc7b3 ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac 
combos that can be implemented as AEAD ciphers.
 2011-07-11 14:00:43 +00:00
Andy Polyakov
7532071aa3 ssl/t1_enc.c: initial support for AEAD ciphers. 2011-07-11 13:58:59 +00:00
Dr. Stephen Henson
861a7e5c9f PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:30:14 +00:00
Dr. Stephen Henson
70051b1d88 set FIPS allow before initialising ctx 2011-06-14 15:25:21 +00:00
Dr. Stephen Henson
ca9335760b fix memory leak 2011-06-08 15:55:43 +00:00
Dr. Stephen Henson
1c13c122d8 Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:41 +00:00
Dr. Stephen Henson
4f8f8bf3a4 fix error discrepancy 2011-06-03 18:50:24 +00:00
Dr. Stephen Henson
654ac273c1 typo 2011-06-01 11:10:35 +00:00
Dr. Stephen Henson
8f119a0357 set FIPS permitted flag before initalising digest 2011-05-31 16:24:19 +00:00
Dr. Stephen Henson
1b2047c5c0 Don't round up partitioned premaster secret length if there is only one 
digest in use: this caused the PRF to fail for an odd premaster secret
length.
 2011-05-31 10:34:43 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
ebc5e72fe5 Don't advertise or use MD5 for TLS v1.2 in FIPS mode 2011-05-25 15:31:32 +00:00
Dr. Stephen Henson
3d52f1d52b PR: 2533 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
 2011-05-25 15:20:49 +00:00
Dr. Stephen Henson
fd60dfa0f2 PR: 2529 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
 2011-05-25 15:16:10 +00:00
Dr. Stephen Henson
bbcf3a9b30 Some nextproto patches broke DTLS: fix 2011-05-25 14:31:47 +00:00
Dr. Stephen Henson
006b54a8eb Oops use up to date patch for PR#2506 2011-05-25 14:30:20 +00:00
Dr. Stephen Henson
7832d6ab1c PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:06 +00:00
Dr. Stephen Henson
ee4b5cebef PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:25:01 +00:00
Dr. Stephen Henson
238b63613b use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:07 +00:00
Dr. Stephen Henson
f37f20ffd3 PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
4f7533eb84 set encodedPoint to NULL after freeing it 2011-05-19 16:17:47 +00:00
Dr. Stephen Henson
855a54a9a5 Provisional support for TLS v1.2 client authentication: client side only. 
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
 2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
8f82912460 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.
 2011-05-12 14:38:01 +00:00
Dr. Stephen Henson
4f7a2ab8b1 make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:50:18 +00:00
Dr. Stephen Henson
fc101f88b6 Reorder signature algorithms in strongest hash first order. 2011-05-11 16:33:28 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature 
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
 2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of 
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
 2011-05-06 13:00:07 +00:00